{"id":430843,"date":"2024-10-20T07:25:01","date_gmt":"2024-10-20T07:25:01","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-iso-211772023\/"},"modified":"2024-10-26T14:05:36","modified_gmt":"2024-10-26T14:05:36","slug":"bs-en-iso-211772023","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-iso-211772023\/","title":{"rendered":"BS EN ISO 21177:2023"},"content":{"rendered":"
This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities, i.e.: \u2014 between devices operated as bounded secured managed entities, i.e. “ITS Station Communication Units” (ITS-SCU) and “ITS station units” (ITS-SU) as specified in ISO 21217; and \u2014 between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks. These services include the authentication and secure session establishment which are required to exchange information in a trusted and secure manner. These services are essential for many intelligent transport system (ITS) applications and services including time-critical safety applications, automated driving, remote management of ITS stations (ISO 24102-2), and roadside\/infrastructure-related services.<\/p>\n
PDF Pages | PDF Title
---|---
2 | undefined
4 | European foreword; Endorsement notice
8 | Foreword
9 | Introduction
15 | 1 Scope; 2 Normative references; 3 Terms and definitions
16 | 4 Abbreviated terms
18 | 5 Overview; 5.1 General description, relationship to transport layer security (TLS) and relationship to application specifications
19 | 5.2 Goals; 5.3 Architecture and functional entities
24 | 5.4 Cryptomaterial handles; 5.5 Session IDs and state
25 | 5.6 Access control and authorization state; 5.7 Application level non-repudiation; 5.8 Service primitive conventions
26 | 6 Process flows and sequence diagrams; 6.1 General; 6.2 Overview of process flows
27 | 6.3 Sequence diagram conventions
28 | 6.4 Configure
29 | 6.5 Start session
32 | 6.6 Send data
35 | 6.7 Send access control PDU
36 | 6.8 Receive PDU
41 | 6.9 Extend session; 6.9.1 Goals
42 | 6.9.2 Processing; 6.10 Secure connection brokering; 6.10.1 Goals; 6.10.2 Prerequisites
43 | 6.10.3 Overview
44 | 6.10.4 Detailed specification
52 | 6.11 Force end session
54 | 6.12 Session terminated at session layer; 6.13 Deactivate
55 | 6.14 Secure session example
57 | 7 Security subsystem: interfaces and data types; 7.1 General
58 | 7.2 Access control policy and state
59 | 7.3 Enhanced authentication; 7.3.1 Definition and possible states; 7.3.2 States for owner role enhanced authentication
61 | 7.3.3 State for accessor role enhanced authentication; 7.3.4 Use by access control; 7.3.5 Methods for providing enhanced authentication; 7.3.6 Enhanced authentication using SPAKE2
62 | 7.4 Extended authentication
63 | 7.5 Security Management Information Request; 7.5.1 Rationale
64 | 7.5.2 General
65 | 7.6 Data types; 7.6.1 General; 7.6.2 Imports; 7.6.3 \u201cHelper\u201d data types
66 | 7.6.4 Iso21177AccessControlPdu; 7.6.5 AccessControlResult; 7.6.6 ExtendedAuthPdu
67 | 7.6.7 ExtendedAuthRequest; 7.6.8 InnerExtendedAuthRequest; 7.6.9 AtomicExtendedAuthRequest
68 | 7.6.10 ExtendedAuthResponse; 7.6.11 ExtendedAuthResponsePayload; 7.6.12 EnhancedAuthPdu
69 | 7.6.13 SpakeRequest; 7.6.14 SpakeResponse; 7.6.15 SpakeRequesterResponse; 7.6.16 SecurityMgmtInfoPdu; 7.6.17 SecurityMgmtInfoRequest
70 | 7.6.18 EtsiCrlRequest; 7.6.19 CertChainRequest; 7.6.20 SecurityMgmtInfoResponse
71 | 7.6.21 SecurityMgmtInfoErrorResponse; 7.6.22 EtsiCrlResponse; 7.6.23 EtsiCtlResponse; 7.6.24 IeeeCrlResponse
72 | 7.6.25 CertChainResponse; 7.6.26 SessionExtensionPdu
74 | 7.7 App-Sec Interface; 7.7.1 App-Sec-Configure.request
75 | 7.7.2 App-Sec-Configure.confirm; 7.7.3 App-Sec-StartSession.indication; 7.7.4 App-Sec-Data.request
76 | 7.7.5 App-Sec-Data.confirm; 7.7.6 App-Sec-Incoming.request
77 | 7.7.7 App-Sec-Incoming.confirm
78 | 7.7.8 App-Sec-EndSession.request; 7.7.9 App-Sec-EndSession.indication
79 | 7.7.10 App-Sec-Deactivate.request; 7.7.11 App-Sec-Deactivate.confirm; 7.7.12 App-Sec-Deactivate.indication
80 | 7.8 Security subsystem internal interface; 7.8.1 General; 7.8.2 Sec-AuthState.request; 7.8.3 Sec-AuthState.confirm
81 | 8 Adaptor layer: interfaces and data types; 8.1 General
82 | 8.2 Data types; 8.2.1 General; 8.2.2 Iso21177AdaptorLayerPDU
83 | 8.2.3 Apdu; 8.2.4 AccessControl; 8.2.5 TlsClientMsg1; 8.2.6 TlsServerMsg1; 8.3 App-AL Interface; 8.3.1 App-AL-Data.request
84 | 8.3.2 App-AL-Data.confirm; 8.3.3 App-AL-Data.indication
85 | 8.3.4 App-AL-EnableProxy.request
87 | 8.4 Sec-AL Interface; 8.4.1 Sec-AL-AccessControl.request; 8.4.2 Sec-AL-AccessControl.confirm; 8.4.3 Sec-AL-AccessControl.indication
88 | 8.4.4 Sec-AL-EndSession.request; 8.4.5 Sec-AL-EndSession.confirm; 9 Secure session Services; 9.1 General; 9.2 App-Sess interfaces; 9.2.1 App-Sess-EnableProxy.request
89 | 9.3 Sec-Sess interface; 9.3.1 Sec-Sess-Configure.request
91 | 9.3.2 Sec-Sess-Configure.confirm; 9.3.3 Sec-Sess-Start.indication
92 | 9.3.4 Sec-Sess-EndSession.indication; 9.3.5 Sec-Sess-Deactivate.request
93 | 9.3.6 Sec-Sess-Deactivate.confirm; 9.4 AL-Sess interface; 9.4.1 AL-Sess-Data.request; 9.4.2 AL-Sess-Data.confirm
94 | 9.4.3 AL-Sess-Data.indication; 9.4.4 AL-Sess-EndSession.request; 9.4.5 AL-Sess-EndSession.confirm
95 | 9.4.6 AL-Sess-ClientHelloProxy.request; 9.4.7 AL-Sess-ClientHelloProxy.indication
96 | 9.4.8 AL-Sess-ServerHelloProxy.request; 9.4.9 AL-Sess-ServerHelloProxy.indication
97 | 9.5 Permitted mechanisms; 9.5.1 TLS 1.3
98 | 9.5.2 DTLS 1.3
99 | Annex A (informative) Usage scenarios
107 | Annex B (normative) ASN.1 module
108 | Annex C (normative) Session extension PDU functional type
109 | Annex D (normative) Owner authorization
113 | Bibliography
<\/table>\n","protected":false},"excerpt":{"rendered":" Intelligent transport systems. ITS station security services for secure session establishment and authentication between trusted devices<\/b><\/p>\n |