1、 ETSI TS 103 096-3 V1.3.1 (2017-03) Intelligent Transport Systems (ITS); Testing; Conformance test specifications for ITS Security; Part 3: Abstract Test Suite (ATS) and Protocol Implementation eXtra Information for Testing (PIXIT) floppy3TECHNICAL SPECIFICATION ETSI ETSI TS 103 096-3 V1.3.1 (2017-0
2、3)2 Reference RTS/ITS-00536 Keywords ATS, ITS, testing, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88
3、 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior wr
4、itten authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present docum
5、ent should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of
6、 the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of
7、 the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks o
8、f ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 103 096-3 V1.3.1 (2017-03)3 Conte
9、nts Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g31 Scope 6g32 References 6g32.1 Normative references . 6g32.2 Informative references 6g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 7g34 Contents of the ITS Security Test Suite . 8g35 Abstract
10、 Test Method . 8g35.1 Introduction 8g35.2 Abstract protocol tester 8g35.3 Test Configuration 9g35.3.1 Introduction. 9g35.3.2 PKI infrastructure . 9g35.3.2.1 Overview . 9g35.3.2.2 PKI certificate hierarchy . 9g35.3.2.3 Test system settings. 11g35.3.2.3.1 Test adapter settings 11g35.3.2.3.2 Test Suite
11、 Parameters 11g35.3.2.4 Certificate profiles . 12g35.3.2.5 Certificate generation 13g35.3.2.6 Certificate installation . 13g35.4 Test architecture . 14g35.5 Ports and ASPs . 14g35.5.1 Introduction. 14g35.5.2 Primitives of the geoNetworkingPort . 14g35.5.3 Primitives of the utPort . 14g36 External fu
12、nctions 15g37 ATS conventions 16g37.1 Introduction 16g37.2 Testing conventions 16g37.2.1 Testing states 16g37.2.1.1 Initial states . 16g37.2.1.2 Final state 16g37.3 Naming conventions . 16g37.3.1 Introduction. 16g37.3.2 General guidelines 16g37.3.3 ITS specific TTCN-3 naming conventions . 17g37.3.4
13、Usage of Log statements . 18g37.3.5 Test Case (TC) identifier 18g37.4 On line documentation . 19g3Annex A (informative): ATS in TTCN-3 20g3A.1 TTCN-3 files and other related modules 20g3Annex B (normative): Partial PIXIT pro forma for Security 21g3B.1 Partial cancellation of copyright . 21g3B.2 Intr
14、oduction 21g3ETSI ETSI TS 103 096-3 V1.3.1 (2017-03)4 B.3 Identification summary. 21g3B.4 ATS summary 21g3B.5 Test laboratory 21g3B.6 Client identification 22g3B.7 SUT 22g3B.8 Protocol layer information 22g3B.8.1 Protocol identification 22g3B.8.2 IUT information . 23g3Annex C (normative): PCTR pro f
15、orma for Security . 25g3C.1 Partial cancellation of copyright . 25g3C.2 Introduction 25g3C.3 Identification summary. 25g3C.3.1 Protocol conformance test report 25g3C.3.2 IUT identification . 25g3C.3.3 Testing environment . 25g3C.3.4 Limits and reservation 26g3C.3.5 Comments. 26g3C.4 IUT Conformance
16、status 26g3C.5 Static conformance summary . 26g3C.6 Dynamic conformance summary 26g3C.7 Static conformance review report . 27g3C.8 Test campaign report 27g3C.9 Observations . 27g3History 28g3ETSI ETSI TS 103 096-3 V1.3.1 (2017-03)5 Intellectual Property Rights IPRs essential or potentially essential
17、 to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified t
18、o ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the
19、 existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Intelligent Transport Systems (ITS). The
20、 present document is part 3 of a multi-part deliverable covering Conformance test specifications for ITS Security, as identified below: Part 1: “Protocol Implementation Conformance Statement (PICS)“; Part 2: “Test Suite Structure and Test Purposes (TSS Part 3: “Abstract Test Suite (ATS) and Protocol
21、 Implementation eXtra Information for Testing (PIXIT)“. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms fo
22、r the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 103 096-3 V1.3.1 (2017-03)6 1 Scope The present document provides parts of the Abstract Test Suite (ATS) for Security as defined in ETSI TS 103 097 1 in accor
23、dance with the relevant guidance given in ISO/IEC 9646-7 i.6. The objective of the present document is to provide a basis for conformance tests for security communication over GeoNetworking equipment giving a high probability of interoperability between different manufacturers equipment. The ISO sta
24、ndards for the methodology of conformance testing (ISO/IEC 9646-1 i.3 and ISO/IEC 9646-2 i.4) as well as the ETSI rules for conformance testing (ETSI ETS 300 406 i.7) are used as a basis for the test methodology. 2 References 2.1 Normative references References are either specific (identified by dat
25、e of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly a
26、vailable in the expected location might be found at https:/docbox.etsi.org/Reference/. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the
27、 present document. 1 ETSI TS 103 097 (V1.2.1): “Intelligent Transport Systems (ITS); Security; Security header and certificate formats“. 2 ETSI TS 102 871-2 (V1.3.1): “Intelligent Transport Systems (ITS); Testing; Conformance test specifications for GeoNetworking ITS-G5; Part 2: Test Suite Structure
28、 and Test Purposes (TSS Testing; Conformance test specifications for GeoNetworking ITS-G5; Part 3: Abstract Test Suite (ATS) and Protocol Implementation eXtra Information for Testing (PIXIT)“. 4 ETSI TS 103 096-1 (V1.3.1): “Intelligent Transport Systems (ITS); Testing; Conformance test specification
29、s for ITS Security; Part 1: Protocol Implementation Conformance Statement (PICS)“. 5 ETSI TS 103 096-2 (V1.3.1): “Intelligent Transport Systems (ITS); Testing; Conformance test specifications for ITS Security; Part 2: Test Suite Structure and Test Purposes (TSS Testing; Framework for conformance and
30、 interoperability testing“. i.2 ETSI TR 103 099 (V1.4.1): “Intelligent Transport Systems (ITS); Architecture of conformance validation framework“. ETSI ETSI TS 103 096-3 V1.3.1 (2017-03)7 i.3 ISO/IEC 9646-1 (1994): “Information technology - Open Systems Interconnection - Conformance testing methodol
31、ogy and framework - Part 1: General concepts“. i.4 ISO/IEC 9646-2 (1994): “Information technology - Open Systems Interconnection - Conformance testing methodology and framework - Part 2: Abstract Test Suite specification“. i.5 ISO/IEC 9646-6 (1994): “Information technology - Open Systems Interconnec
32、tion - Conformance testing methodology and framework - Part 6: Protocol profile test specification“. i.6 ISO/IEC 9646-7 (1995): “Information technology - Open Systems Interconnection - Conformance testing methodology and framework - Part 7: Implementation Conformance Statements“. i.7 ETSI ETS 300 40
33、6 (1995): “Methods for testing and Specification (MTS); Protocol and profile conformance testing specifications; Standardization methodology“. i.8 OpenSSL Project Toolkit Library V1.0.1j. NOTE: Available at www.openssl.org. i.9 ETSI ES 201 873-1: “Methods for Testing and Specification (MTS); The Tes
34、ting and Test Control Notation version 3; Part 1: TTCN-3 Core Language“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in ETSI TS 103 097 1, ETSI TS 102 871-2 2, ETSI TS 102 871-3 3, ISO/IEC 9646-6 i.5 and ISO/IEC 9646-7 i.6
35、 apply. 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: AA Authorization Authority AID Application IDASP Abstract Service Primitive AT Authorization Ticket ATM Abstract Test Method ATS Abstract Test Suite BO Inopportune Behaviour tests BTP Basic Transpo
36、rt Protocol BV Valid Behaviour tests CAM Cooperative Awareness Message DEN Decentralized Environmental Notification DENM Decentralized Environmental Notification Message EN European Norm ES ETSI StandardGN GeoNetworking HSM Hardware Security Module HTML HyperText Markup Language ISO International Or
37、ganization for Standardization ITS Intelligent Transport System ITSS ITS-S data transfer ITS-S ITS Station IUT Implementation Under Test NB Normal Behaviour PCTR Protocol Conformance Testing Report ETSI ETSI TS 103 096-3 V1.3.1 (2017-03)8 PEM Privacy Enhanced Mail NOTE: Standard format for OpenSSL.
38、PICS Protocol Implementation Conformance Statement PIXIT Partial Protocol Implementation eXtra Information for Testing PKI Public Key Infrastructure PX PiXit SAP Service Access Point SCS System Conformance Statement SCTR Static Conformance Test Report SSP Service Specific Permissions SUT System Unde
39、r Test TC Test Case TP Test PurposesTR Technical Report TS Test System TSS Test Suite Structure TTCN Testing and Test Control Notation UT Upper Tester XML eXtensible Markup Language 4 Contents of the ITS Security Test Suite The ITS Security test suite contains: test implemented in TTCN-3 code certif
40、icate profiles and certificate generation tool To execute the ITS Security Test Suite a Test Adapter implementation and a TTCN-3 compiler is required. The reference Test Adapter implementation can be found at http:/forge.etsi.org. TTCN-3 compilers can be acquired at http:/www.ttcn-3.org. 5 Abstract
41、Test Method 5.1 Introduction This clause describes the ATM used to test the ITS-Security framework. 5.2 Abstract protocol tester The abstract protocol tester used by the ITS-Security test suite is described in figure 1. The Test System simulates valid and invalid protocol behaviour, and analyses the
42、 reaction of the IUT. ETSI ETSI TS 103 096-3 V1.3.1 (2017-03)9 Figure 1: Abstract protocol tester - Security 5.3 Test Configuration 5.3.1 Introduction This test suite uses test configurations defined in ETSI TS 102 871-3 3, i.e. the tester simulates the ITS station implementing the ITS Security fram
43、ework over GeoNetworking protocol. 5.3.2 PKI infrastructure 5.3.2.1 Overview Before executing tests: security certificates need to be generated, see clause 5.3.2.5; security certificates need to be installed onto the IUT, see clause 5.3.2.6; and some Test System settings need to be configured, see c
44、lause 5.3.2.3. 5.3.2.2 PKI certificate hierarchy The required PKI certificate hierarchy of the test infrastructure is presented in figure 2. ETSI ETSI TS 103 096-3 V1.3.1 (2017-03)10 Figure 2: Required PKI certificate hierarchy The following certificates are required for the test execution: 1) The c
45、ustom user-generated root certificate, referred as CERT_TEST_ROOT, is used to sign all AA certificates used by the Test System and by the IUT to verify the Test System certificates. For the generation procedure see clause 5.3.2.5. The IUT shall install this CERT_TEST_ROOT certificate and consider it
46、 as trusted. In the case where the IUT cannot install the CERT_TEST_ROOT, no tests can be executed. 2) Further certificates to be installed on the IUT: - Option 1: Certificates (CERT_TS_AA and the set of CERT_IUT_AT) can be installed onto the IUT. Please refer to clause 5.3.2.6 for further details o
47、n certificate installation. If the IUT supports certificate selection using the UtInitialize Upper Tester command, than all mandatory tests can be executed and PICS_CERTIFICATE_SELECTION shall be set to true. - Option 2: The IUT can only use its own pre-installed certificates. In this case only a su
48、bset of mandatory tests can be executed and PICS_CERTIFICATE_SELECTION shall be set to false. In both cases it is necessary to copy these certificates to the subfolder of the location defined in PX_CERTIFICATE_POOL_PATH. The name of the subfolder shall be provided in PX_IUT_SEC_CONFIG_NAME. It is no
49、t necessary to install IUT_ROOT and AA certificates onto the Test System when IUT and TS are using different PKIs. The TS trusts any root and AA certificate from the IUT. A set of certificates and private keys to be used on the Test System side to sign various messages and other Test System certificates. These files are generated by the generation script (see clause 5.3.2.5). All certificates and private keys shall be stored as hexadecimal streams. The TS selects certificate using its file name. Table 1 desc
