1、 ETSI TS 103 097 V1.3.1 (2017-10) Intelligent Transport Systems (ITS); Security; Security header and certificate formats TECHNICAL SPECIFICATION ETSI ETSI TS 103 097 V1.3.1 (2017-10)2 Reference RTS/ITS-00540 Keywords ITS, privacy, protocol, security ETSI 650 Route des Lucioles F-06921 Sophia Antipol
2、is Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present docu
3、ment may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/
4、or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current st
5、atus of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may
6、 be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing r
7、estriction extend to reproduction in all media. ETSI 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizationa
8、l Partners. oneM2M logo is protected for the benefit of its Members. GSM and the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI TS 103 097 V1.3.1 (2017-10)3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminology 4g3Introduction 4g31 Scope 5g32
9、References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Abbreviations . 5g34 Basic format elements 6g35 Specification of secure data structure . 6g35.1 EtsiTs103097Data 6g35.2 SignedData . 7g35.3 EncryptedData 8g36 Specification of certificate format 8g37 Security profiles . 9g37
10、.1 Profiles for messages 9g37.1.1 Security profile for CAMs 9g37.1.2 Security profile for DENMs 10g37.1.3 Generic security profile for other signed messages 10g37.1.4 Security profile for encrypted messages . 10g37.1.5 Security profile for signed and encrypted messages . 10g37.2 Profiles for certifi
11、cates . 10g37.2.1 Authorization tickets. 10g37.2.2 Enrolment credential . 11g37.2.3 Root CA certificates 11g37.2.4 Subordinate certification authority certificates . 11g37.2.5 Trust List Manager certificate . 12g3Annex A (normative): ASN.1 Modules . 13g3A.1 ETSI TS 103 097 ASN.1 Module 13g3A.2 IEEE
12、1609.2 ASN.1 modules . 14g3History 23g3ETSI ETSI TS 103 097 V1.3.1 (2017-10)4 Intellectual Property Rights Essential patents IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly availab
13、le for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server
14、(https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
15、essential to the present document. Trademarks The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reprodu
16、ce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Intellig
17、ent Transport Systems (ITS). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisi
18、ons). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. Introduction Security policies require that data structures such as messages used in Intelligent Transport Systems are secured when stored or transferred. For interoperability reasons, a common form
19、at for secure data structures featuring security headers and public key certificates needs to be provided. The present document provides these definitions as a profile of the base standard IEEE Std 1609.2TM-2016 and its amendment IEEE 1609.2aTM-2017 1. A profile makes use of the definitions in the b
20、ase standard and defines the use of particular subsets or options available in the base standard. This implies that the present document is to be read and interpreted together with that base standard. The present document contains material from IEEE Std 1609.2-2016 1 and its amendment(s), reprinted
21、with permission from IEEE, and Copyright 2016. ETSI ETSI TS 103 097 V1.3.1 (2017-10)5 1 Scope The present document specifies the secure data structure including header and certificate formats for Intelligent Transport Systems. 2 References 2.1 Normative references References are either specific (ide
22、ntified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to
23、 be publicly available in the expected location might be found at https:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the appli
24、cation of the present document. 1 IEEE Std 1609.2-2016: “IEEE Standard for Wireless Access in Vehicular Environments - Security Services for Applications and Management Messages“, as amended by IEEE Std 1609.2a-2017: “Standard for Wireless Access In Vehicular Environments - Security Services for App
25、lications and Management Messages Amendment 1“. 2 ETSI TS 102 965: “Intelligent Transport Systems (ITS); Application Object Identifier (ITS-AID); Registration“. 3 Recommendation ITU-T X.696 (08/2014): “Information Technology-Specification of Octet Encoding Rules (OER)“. 2.2 Informative references Re
26、ferences are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: Whil
27、e any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI
28、 TS 102 940: “Intelligent Transport Systems (ITS); Security; ITS communications security architecture and security management“. i.2 ETSI TS 102 941: “Intelligent Transport Systems (ITS); Security; Trust and Privacy Management“. 3 Abbreviations For the purposes of the present document, the following
29、abbreviations apply: AA Authorization Authority ASN.1 Abstract Syntax Notation One AT Authorization Ticket ETSI ETSI TS 103 097 V1.3.1 (2017-10)6 CA Certification Authority CAM Cooperative Awareness Message COER Canonical Octet Encoding Rules CRL Certificate Revocation List CTL Certificate Trust Lis
30、t DENM Decentralized Environmental Notification Message EA Enrolment Authority ECDSA Elliptic Curve Digital Signature Algorithm ECIES Elliptic Curve Integrated Encryption Scheme ITS Intelligent Transport Systems ITS-AID ITS Application ID ITS-S Intelligent Transport Systems Station SSP Service Speci
31、fic Permissions TLM Trust List Manager 4 Basic format elements Data structures in the present document are defined using Abstract Syntax Notation 1 (ASN.1) and shall be encoded using the Canonical Octet Encoding Rules (COER) as defined in Recommendation ITU-T X.696 3. This includes some data structu
32、res in the present document for which a “canonical encoding“ is used as defined in IEEE Std 1609.2 1. Clause 5 and 6 specify and describe the data structures with reference to IEEE Std 1609.2 1. The corresponding ASN.1 module is defined in annex A. The validity of a certificate shall be assessed as
33、defined in IEEE Std 1609.2 1 clause 5.1, using the Hash ID-based revocation method for EA and AA certificates, and no revocation method for authorization tickets and enrolment credentials. NOTE 1: The CRL for EA and AA certificates is defined in ETSI TS 102 941 i.2. NOTE 2: The rules for verificatio
34、n of the Root CA certificate against the CTL are defined in ETSI TS 102 941 i.2. The validity of signed data shall be assessed as defined in IEEE Std 1609.2 1 clause 5.2. 5 Specification of secure data structure 5.1 EtsiTs103097Data A secure data structure shall be of type EtsiTs103097Data as define
35、d in annex A, which corresponds to a Ieee1609Dot2Data as defined in IEEE Std 1609.2 1 clause 6.3.2, with the constraints defined in this clause, in clause 5.2 and in clause 5.3. The type Ieee1609Dot2Data shall support the following options in the component content: The option unsecuredData shall be
36、used to encapsulate an unsecured data structure. The option signedData, corresponding to the type SignedData as defined in IEEE Std 1609.2 1 clause 6.3.4, shall be used to transfer a data structure with a signature. The option encryptedData, corresponding to the type EncryptedData as defined in IEEE
37、 Std 1609.2 1 clause 6.3.30, shall be used to transfer an encrypted data structure. The following corresponding profiles of the type EtsiTs103097Data are defined in annex A: The parameterized type EtsiTs103097Data-Signed using the Ieee1609Dot2Data option signedData containing the data structure in t
38、he component tbdData.payload.data. ETSI ETSI TS 103 097 V1.3.1 (2017-10)7 The parameterized type EtsiTs103097Data-SignedExternalPayload using the Ieee1609Dot2Data option signedData containing the digest of the data structure in the component tbdData.payload.extDataHash. The parameterized type EtsiTs
39、103097Data-Encrypted, using the Ieee1609Dot2Data option encryptedData containing the encrypted data structure in the component ciphertext.aes128ccm.ccmCiphertext. The parameterized type EtsiTs103097Data- SignedAndEncrypted, using the Ieee1609Dot2Data option EncryptedData, containing an encrypted Ets
40、iTs103097Data-Signed. 5.2 SignedData The type SignedData shall have the following constraints: The component hashId of SignedData shall indicate the hash algorithm to be used to generate the hash of the message according to IEEE Std 1609.2 1 clauses 6.3.5 and 5.3.3. The component tbsData of SignedDa
41、ta shall be of type ToBeSignedData as defined in IEEE Std 1609.2 1 clause 6.3.6. The type ToBeSignedData shall have the component payload of type SignedDataPayload as defined in IEEE Std 1609.2 1 clause 6.3.7, containing either: the component data, containing the payload to be signed as an Ieee1609D
42、ot2Data, or the component extDataHash, containing the hash of data that is not explicitly transported within the structure. The type ToBeSignedData shall have the component headerInfo of type HeaderInfo as defined in IEEE Std 1609.2 1 clause 6.3.9, and constrained to have the following security head
43、ers: The component psid containing the ITS-AID corresponding to the contained message. The component generationTime as defined in IEEE Std 1609.2 1, always present. The component expiryTime, as defined in IEEE Std 1609.2 1, present or absent according to the specification of message profiles in clau
44、se 7. The component generationLocation, as defined in IEEE Std 1609.2 1, present or absent according to the specification of message profiles in clause 7. The component p2pcdLearningRequest always absent. The component missingCrlIdentifier always absent. The component encryptionKey, as defined in IE
45、EE Std 1609.2 1, present or absent according to the specification of message profiles in clause 7. The component inlineP2pcdRequest, as defined in IEEE Std 1609.2 1, present or absent according to the specification of message profiles in clause 7. The component requestedCertificate, as defined in IE
46、EE Std 1609.2 1, present or absent according to the specification of message profiles in clause 7. The component signer of SignedData shall be of type SignerIdentifier as defined in IEEE Std 1609.2 1 clause 6.3.24, and constrained to one of the following choices: digest, containing the digest of the
47、 signing certificate as defined in IEEE Std 1609.2 1 clause 6.3.26. certificate, constrained to only one entry in the SequenceOfCertificate list of type TS103097Certificate, containing the signing certificate as defined in clause 6 of the present document. ETSI ETSI TS 103 097 V1.3.1 (2017-10)8 The
48、component signature of SignedData shall be of type Signature as defined in IEEE Std 1609.2 1 clause 6.3.28 and shall contain the ECDSA signature as defined in IEEE Std 1609.2 1 clauses 6.3.29, 6.3.29a and 5.3.1. 5.3 EncryptedData The type EncryptedData shall have the following constraints: The compo
49、nent recipients of EncryptedData shall be of type SequenceOfRecipientInfo as defined in IEEE Std 1609.2 1 clause 6.3.31. Every entry shall be either of option pskRecipInfo as defined in IEEE Std 1609.2 1 clause 6.3.32, of option certRecipInfo, or of option signedDataRecipInfo, as defined in IEEE Std 1609.2 1 clause 6.3.34. The encryption scheme used shall be ECIES as defined in IEEE Std 1609.2 1 clause 5.3.5. The component ciphertext of EncryptedData shall be of
