Published Date: Published in February 2019
The ETSI Technical Committee Intelligent Transportation System (ITS) has published more than 269
specifications and standards on the topic of ITS, including the following specifically on ITS security:
- ETSI TS 102 731: ITS; Security; Security Services and Architecture
- ETSI TR 102 893; ITS; Security, Threat, Vulnerability and Risk Analysis
- ETSI TS 102 940: ITS; Security; ITS communications security architecture & security management
- ETSI TS 102 941: ITS; Security; Trust and Privacy Management
- ETSI TS 102 942: ITS; Security; Access control
- ETSI TS 102 943: ITS; Security; Confidentiality services
- ETSI TS 103 097: ITS; Security; Security header and certificate formats
Of relevance are primarily ETSI TS 102 941 (trust and privacy management) and 943 (confidentiality services). ETSI’s 941 standard focuses on the secure distribution and maintenance (including revocation) of trust relationships through the use of enrollment credentials that provide third-party certificates of proof of identity, and notably through the use of public key certifications and Public Key Infrastructure (PKI) to establish and maintain trust between ITS stations (ITS-S, which includes vehicles and roadside units). In large part, the standard leverages the four key attributes related to privacy as outlined in ISO/IEC 15408-2 (which itself contains a comprehensive catalog of predefined security functional components that will meet most common security needs of the marketplace). These key attributes are anonymity; pseudonymity; unlinkability; and unobservability.
ETSI’s 943 standard, on the other hand, looks at protecting the confidentiality of information sent to and from an ITS-S at a level that is acceptable to users. Various confidentiality requirements are set forth, with the most prominent ones requiring high levels of confidentiality, including advertised services, local high-speed unicast service, local multicast service, low-speed unicast service, distributed service, and signaling data.
The 941 standard covers two broad topics: trust and privacy management, and security association and key
management between ITS-S. Under the first topic, three primary security technologies are described in detail:
1) ITS-S security life cycle, 2) PKI, and 3) the generation, distribution, and use of trust information lists.
ITS-S security life cycle goes through the main stages that should be set for ITS life cycle management. These include configuration during manufacture, followed by enrolment, authorization, operation, and maintenance, and finally end of life. At manufacture, a unique identifier needs to be created and bundled in with contact information for the certificate issuers, trusted certificates for communication with other ITS-S, a public/private key pair, and a trust anchor (Root Certificate Authority (CA)) public key certificate.
This information will serve to enroll the ITS-S credential and enable subsequent authorization requests that will allow the ITS-S to access a specific service. During the maintenance phase, specific processes exist for updating trust information lists and root CAs, which then allow the individual ITS-S to be updated in a controlled environment. The standard also includes information on end of life and the requirements to allow ITS-S revocation and removal from a communication mechanism.
ETSI TS 102 941 then provides lengthy technical details on the implementation of PKI for security management, and this includes CA requests, enrolment/authorization assumption and requirements (using either a cellular network connection or a Vehicle-to-Infrastructure (V2I) connection), message sequences, authorization management, and authorization validation protocol.
The generation, distribution, and use of trust information lists details how the Trust List Manager (TLM) is responsible for approving or rejecting Root CA certificates in the certificate trust list. The functions covered include adding a new Root CA, updating trust information of a Root CA, deleting/revoking a Root CA, updating the TLM certificate after a renewal process, and updating the access point (URL) to enable secure distribution of TLM contact details.
The second part of the standard looks at security association and key management between ITS-S, notably for unicast and multicast applications (which can be considered commercially sensitive). These should leverage either asymmetric or symmetric key systems to provide for security association life cycle and related key management.
The 943 standard, on the other hand, details how to ensure confidentiality at the application layer (for example, the data encryption services provided by IEEE P1609.2), network layer (IPv6,), and link layers (confidentiality services for 2G/3G/LTE communications are specified in TS 133 102).
The standard is relatively short here, as existing mechanisms for confidentiality protection already exist.
Notably, 943 makes reference to the following for further technical details:
- ETSI TS 133 102 (Universal Mobile Telecommunications System (UMTS); LTE; 3G security; Security architecture – 3GPP TS 33.102)
- IEEE P1609.2/D12 (for Wireless Access in Vehicular Environments – Security Services for Applications and Management Messages)
- IEEE 802.11p (IEEE Standard for Information technology – Local and metropolitan area networks
- Specific requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment 6: Wireless Access in Vehicular Environments)
- ETSI ITS Security 940 and 941
ETSI TS 102 941 and 943 form part of the broader security series under the ETSI ITS umbrella and should be used in parallel with those other standards, notably 940 and 942, which offer a much more detailed deep dive into the security architecture for ITS-S. Further, ETSI TS 103 097 provides more information on how to create security policies for messages used in ITS specifically (and also covers public key certificates). Overall, these present the foundation of an ITS PKI across European ITS-S.