This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities:<\/p>\n
devices operated as bounded secured managed entities, i.e. “ITS Station Communication Units” (ITS-SCU) and “ITS station units” (ITS-SU) specified in ISO 21217<\/span><\/span> , and<\/p>\n<\/li>\n between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks.<\/p>\n<\/li>\n<\/ul>\n These services include authentication and secure session establishment which are required to exchange information in a trusted and secure manner.<\/p>\n These services are essential for many ITS applications and services including time-critical safety applications, automated driving, remote management of ITS stations ( ISO 24102-2<\/span><\/span>[<\/sup> 5<\/sup><\/span>]<\/sup>), and roadside\/infrastructure related services.<\/p>\n Intelligent transport systems. ITS station security services for secure session establishment and authentication between trusted devices<\/b><\/p>\nPDF Catalog<\/h4>\n
\n
\n PDF Pages<\/th>\n PDF Title<\/th>\n<\/tr>\n \n 2<\/td>\n National foreword <\/td>\n<\/tr>\n \n 4<\/td>\n European foreword <\/td>\n<\/tr>\n \n 8<\/td>\n Foreword <\/td>\n<\/tr>\n \n 9<\/td>\n Introduction <\/td>\n<\/tr>\n \n 15<\/td>\n 1 Scope
2 Normative references
3 Terms and definitions <\/td>\n<\/tr>\n\n 16<\/td>\n 4 Symbols and abbreviated terms <\/td>\n<\/tr>\n \n 17<\/td>\n 5 Overview
5.1 Goals <\/td>\n<\/tr>\n\n 18<\/td>\n 5.2 Architecture and functional entities <\/td>\n<\/tr>\n \n 21<\/td>\n 5.3 Cryptomaterial handles
5.4 Session IDs and state <\/td>\n<\/tr>\n\n 22<\/td>\n 5.5 Access control and authorisation state
5.6 Application level non-repudiation
5.7 Service primitive conventions <\/td>\n<\/tr>\n\n 23<\/td>\n 6 Process flows and sequence diagrams
6.1 General
6.2 Overview of process flows <\/td>\n<\/tr>\n\n 24<\/td>\n 6.3 Sequence diagram conventions <\/td>\n<\/tr>\n \n 25<\/td>\n 6.4 Configure <\/td>\n<\/tr>\n \n 26<\/td>\n 6.5 Start Session <\/td>\n<\/tr>\n \n 28<\/td>\n 6.6 Send data <\/td>\n<\/tr>\n \n 31<\/td>\n 6.7 Send access control PDU <\/td>\n<\/tr>\n \n 32<\/td>\n 6.8 Receive PDU <\/td>\n<\/tr>\n \n 37<\/td>\n 6.9 Secure connection brokering
6.9.1 Goals <\/td>\n<\/tr>\n\n 38<\/td>\n 6.9.2 Prerequisites
6.9.3 Overview <\/td>\n<\/tr>\n\n 39<\/td>\n 6.9.4 Detailed specification <\/td>\n<\/tr>\n \n 47<\/td>\n 6.10 Force end session <\/td>\n<\/tr>\n \n 49<\/td>\n 6.11 Session terminated at session layer
6.12 Deactivate <\/td>\n<\/tr>\n\n 50<\/td>\n 6.13 Secure session example <\/td>\n<\/tr>\n \n 52<\/td>\n 7 Security Subsystem: interfaces and data types
7.1 General <\/td>\n<\/tr>\n\n 53<\/td>\n 7.2 Access control policy and state <\/td>\n<\/tr>\n \n 54<\/td>\n 7.3 Enhanced authentication
7.3.1 Definition and possible states
7.3.2 States for owner role enhanced authentication <\/td>\n<\/tr>\n\n 56<\/td>\n 7.3.3 State for accessor role enhanced authentication
7.3.4 Use by Access Control
7.3.5 Methods for providing enhanced authentication
7.3.6 Enhanced authentication using SPAKE2 <\/td>\n<\/tr>\n\n 57<\/td>\n 7.4 Extended authentication <\/td>\n<\/tr>\n \n 58<\/td>\n 7.5 Data types
7.5.1 General
7.5.2 Imports
7.5.3 Iso21177AccessControlPdu
7.5.4 AccessControlResult <\/td>\n<\/tr>\n\n 59<\/td>\n 7.5.5 ExtendedAuthPdu
7.5.6 ExtendedAuthRequest
7.5.7 InnerExtendedAuthRequest <\/td>\n<\/tr>\n\n 60<\/td>\n 7.5.8 AtomicExtendedAuthRequest
7.5.9 ExtendedAuthResponse <\/td>\n<\/tr>\n\n 61<\/td>\n 7.5.10 ExtendedAuthResponsePayload
7.5.11 EnhancedAuthPdu
7.5.12 SpakeRequest
7.5.13 SpakeResponse <\/td>\n<\/tr>\n\n 62<\/td>\n 7.5.14 SpakeRequesterResponse
7.6 App-Sec Interface
7.6.1 App-Sec-Configure.request <\/td>\n<\/tr>\n\n 63<\/td>\n 7.6.2 App-Sec-Configure.confirm
7.6.3 App-Sec-StartSession.indication <\/td>\n<\/tr>\n\n 64<\/td>\n 7.6.4 App-Sec-Data.request
7.6.5 App-Sec-Data.confirm <\/td>\n<\/tr>\n\n 65<\/td>\n 7.6.6 App-Sec-Incoming.request <\/td>\n<\/tr>\n \n 66<\/td>\n 7.6.7 App-Sec-Incoming.confirm
7.6.8 App-Sec-EndSession.request
7.6.9 App-Sec-EndSession.confirm
7.6.10 App-Sec-EndSession.indication <\/td>\n<\/tr>\n\n 67<\/td>\n 7.6.11 App-Sec-Deactivate.request
7.6.12 App-Sec-Deactivate.confirm <\/td>\n<\/tr>\n\n 68<\/td>\n 7.6.13 App-Sec-Deactivate.indication
7.7 Security Subsystem internal interface
7.7.1 General
7.7.2 Sec-AuthState.request <\/td>\n<\/tr>\n\n 69<\/td>\n 7.7.3 Sec-AuthState.confirm <\/td>\n<\/tr>\n \n 70<\/td>\n 8 Adaptor Layer: Interfaces and data types
8.1 General <\/td>\n<\/tr>\n\n 71<\/td>\n 8.2 Data types
8.2.1 General
8.2.2 Iso21177AdaptorLayerPDU
8.2.3 Apdu <\/td>\n<\/tr>\n\n 72<\/td>\n 8.2.4 Access Control
8.2.5 TlsClientMsg1
8.2.6 TlsServerMsg1
8.3 App-AL Interface
8.3.1 App-AL-Data.request <\/td>\n<\/tr>\n\n 73<\/td>\n 8.3.2 App-AL-Data.confirm
8.3.3 App-AL-Data.indication
8.3.4 App-AL-EnableProxy.request <\/td>\n<\/tr>\n\n 75<\/td>\n 8.4 Sec-AL Interface
8.4.1 Sec-AL-AccessControl.request <\/td>\n<\/tr>\n\n 76<\/td>\n 8.4.2 Sec-AL-AccessControl.confirm
8.4.3 Sec-AL-AccessControl.indication
8.4.4 Sec-AL-EndSession.request <\/td>\n<\/tr>\n\n 77<\/td>\n 8.4.5 Sec-AL-EndSession.confirm
9 Secure Session services
9.1 General
9.2 App-Sess interfaces
9.2.1 App-Sess-EnableProxy.request <\/td>\n<\/tr>\n\n 78<\/td>\n 9.3 Sec-Sess interface
9.3.1 Sec-Sess-Configure.request <\/td>\n<\/tr>\n\n 80<\/td>\n 9.3.2 Sec-Sess-Configure.confirm
9.3.3 Sec-Sess-Start.indication <\/td>\n<\/tr>\n\n 81<\/td>\n 9.3.4 Sec-Sess-EndSession.indication
9.3.5 Sec-Sess-Deactivate.request <\/td>\n<\/tr>\n\n 82<\/td>\n 9.3.6 Sec-Sess-Deactivate.confirm
9.4 AL-Sess interface
9.4.1 AL-Sess-Data.request
9.4.2 AL-Sess-Data.confirm
9.4.3 AL-Sess-Data.indication <\/td>\n<\/tr>\n\n 83<\/td>\n 9.4.4 AL-Sess-EndSession.request
9.4.5 AL-Sess-EndSession.confirm
9.4.6 AL-Sess-ClientHelloProxy.request <\/td>\n<\/tr>\n\n 84<\/td>\n 9.4.7 AL-Sess-ClientHelloProxy.indication <\/td>\n<\/tr>\n \n 85<\/td>\n 9.4.8 AL-Sess-ServerHelloProxy.request
9.4.9 AL-Sess-ServerHelloProxy.indication <\/td>\n<\/tr>\n\n 86<\/td>\n 9.4.10 AL-Sess-EndSession.request <\/td>\n<\/tr>\n \n 87<\/td>\n 9.4.11 AL-Sess-EndSession.confirm
9.5 Permitted mechanisms
9.5.1 TLS 1.3 <\/td>\n<\/tr>\n\n 88<\/td>\n 9.5.2 DTLS 1.3 <\/td>\n<\/tr>\n \n 89<\/td>\n Annex A (informative) Usage scenarios <\/td>\n<\/tr>\n \n 96<\/td>\n Annex B (normative) ASN.1 module <\/td>\n<\/tr>\n \n 97<\/td>\n Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" \n\n
\n Published By<\/td>\n Publication Date<\/td>\n Number of Pages<\/td>\n<\/tr>\n \n BSI<\/b><\/a><\/td>\n 2020<\/td>\n 98<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":231386,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[107,2641],"product_tag":[],"class_list":{"0":"post-231384","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-03-220-01","7":"product_cat-bsi","9":"first","10":"instock","11":"sold-individually","12":"shipping-taxable","13":"purchasable","14":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/231384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/231386"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=231384"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=231384"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=231384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}