Intelligent transport systems - ITS station security services for secure session establishment and authentication between trusted devices (ISO/TS 21177:2019)

This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities:
— devices operated as bounded secured managed entities, i.e. "ITS Station Communication Units" (ITS-SCU) and "ITS station units" (ITS-SU) specified in ISO 21217, and
— between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks.
These services include authentication and secure session establishment which are required to exchange information in a trusted and secure manner.
These services are essential for many ITS applications and services including time-critical safety applications, automated driving, remote management of ITS stations (ISO 24102-2[5]), and roadside/infrastructure related services.

Intelligente Verkehrssysteme - Sicherheitsdienste für eine ITS-Station zum sicheren Aufbau und Authentizierung einer Sitzung zwischen zuverlässigen Geräten (ISO/TS 21177:2019)

Systèmes intelligents de transport - Interface véhicule sécurisée - Services de sécurité de la station ITS pour l'établissement et l'authentification des sessions sécurisées (ISO/TS 21177:2019)

Inteligentni transportni sistemi - Storitve varovanja postaj ITS za varno vzpostavitev sej in preverjanje pristnosti med zaupanja vrednimi napravami (ISO/TS 21177:2019)

Ta dokument vsebuje specifikacije za storitve varovanja postaj ITS, ki so potrebne za zagotovitev verodostojnosti vira in celovitosti informacij, izmenjanih med zaupanja vrednimi enotami: – naprave, ki delujejo kot omejene varovane upravljane enote, tj. »komunikacijske enote postaje ITS« (ITS-SCU) in »enote postaj ITS« (ITS-SU), določene v standardu ISO 21217, in – med enotami ITS-SU (sestavljenimi iz ene ali več postaj ITS- SCU) ter zunanjo zaupanja vredno enoto, kot so senzorska in nadzorna omrežja. Te storitve vključujejo preverjanje pristnosti in varno vzpostavitev seje, ki sta potrebna za zaupno in varno izmenjavo informacij. Te storitve so bistvene za različne aplikacije ITS in storitve, vključno s časovno kritičnimi varnostnimi aplikacijami, samodejno vožnjo, daljinskim upravljanjem postaj ITS (ISO 24102-2 [5]) ter obcestnimi/infrastrukturnimi storitvami.

General Information

Status
Published
Publication Date
01-Oct-2019
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Due Date
02-Oct-2019
Completion Date
02-Oct-2019

Buy Standard

Technical specification
-TS CEN ISO/TS 21177:2019 - BARVE na PDF-str 14,95,96
English language
97 pages
sale 10% off
Preview
sale 10% off
Preview

e-Library read for
1 day

Standards Content (sample)

SLOVENSKI STANDARD
SIST-TS CEN ISO/TS 21177:2019
01-december-2019
Inteligentni transportni sistemi - Storitve varovanja postaj ITS za varno
vzpostavitev sej in preverjanje pristnosti med zaupanja vrednimi napravami
(ISO/TS 21177:2019)
Intelligent transport systems - ITS station security services for secure session
establishment and authentication between trusted devices (ISO/TS 21177:2019)

Intelligente Verkehrssysteme - Sicherheitsdienste für eine ITS-Station zum sicheren

Aufbau und Authentizierung einer Sitzung zwischen zuverlässigen Geräten (ISO/TS
21177:2019)

Systèmes intelligents de transport - Interface véhicule sécurisée - Services de sécurité

de la station ITS pour l'établissement et l'authentification des sessions sécurisées

(ISO/TS 21177:2019)
Ta slovenski standard je istoveten z: CEN ISO/TS 21177:2019
ICS:
03.220.01 Transport na splošno Transport in general
35.030 Informacijska varnost IT Security
35.240.60 Uporabniške rešitve IT v IT applications in transport
prometu
SIST-TS CEN ISO/TS 21177:2019 en,fr,de

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST-TS CEN ISO/TS 21177:2019
---------------------- Page: 2 ----------------------
SIST-TS CEN ISO/TS 21177:2019
CEN ISO/TS 21177
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
October 2019
TECHNISCHE SPEZIFIKATION
ICS 03.220.01; 35.030; 35.240.60
English Version
Intelligent transport systems - ITS station security services
for secure session establishment and authentication
between trusted devices (ISO/TS 21177:2019)

Systèmes intelligents de transport - Interface véhicule Intelligente Verkehrssysteme - Sicherheitsdienste für

sécurisée - Services de sécurité de la station ITS pour eine ITS-Station zum sicheren Aufbau und

l'établissement et l'authentification des sessions Authentizierung einer Sitzung zwischen zuverlässigen

sécurisées (ISO/TS 21177:2019) Geräten (ISO/TS 21177:2019)

This Technical Specification (CEN/TS) was approved by CEN on 13 August 2019 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to

submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS

available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in

parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,

Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,

Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and

United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2019 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN ISO/TS 21177:2019 E

worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
SIST-TS CEN ISO/TS 21177:2019
CEN ISO/TS 21177:2019 (E)
Contents Page

European foreword ....................................................................................................................................................... 3

---------------------- Page: 4 ----------------------
SIST-TS CEN ISO/TS 21177:2019
CEN ISO/TS 21177:2019 (E)
European foreword

This document (CEN ISO/TS 21177:2019) has been prepared by Technical Committee ISO/TC 204

"Intelligent transport systems" in collaboration with Technical Committee CEN/TC 278 “Intelligent

transport systems” the secretariat of which is held by NEN.

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

This document has been prepared under a mandate given to CEN by the European Commission and the

European Free Trade Association.

According to the CEN-CENELEC Internal Regulations, the national standards organizations of the

following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,

Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,

Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of

North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the

United Kingdom.
Endorsement notice

The text of ISO/TS 21177:2019 has been approved by CEN as CEN ISO/TS 21177:2019 without any

modification.
---------------------- Page: 5 ----------------------
SIST-TS CEN ISO/TS 21177:2019
---------------------- Page: 6 ----------------------
SIST-TS CEN ISO/TS 21177:2019
TECHNICAL ISO/TS
SPECIFICATION 21177
First edition
2019-08
Intelligent transport systems —
ITS station security services for
secure session establishment and
authentication between trusted devices
Reference number
ISO/TS 21177:2019(E)
ISO 2019
---------------------- Page: 7 ----------------------
SIST-TS CEN ISO/TS 21177:2019
ISO/TS 21177:2019(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2019

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved
---------------------- Page: 8 ----------------------
SIST-TS CEN ISO/TS 21177:2019
ISO/TS 21177:2019(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................vi

Introduction ..............................................................................................................................................................................................................................vii

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Symbols and abbreviated terms ........................................................................................................................................................... 2

5 Overview ....................................................................................................................................................................................................................... 3

5.1 Goals ................................................................................................................................................................................................................. 3

5.2 Architecture and functional entities ..................................................................................................................................... 4

5.3 Cryptomaterial handles ................................................................................................................................................................... 7

5.4 Session IDs and state ......................................................................................................................................................................... 7

5.5 Access control and authorisation state .............................................................................................................................. 8

5.6 Application level non-repudiation ......................................................................................................................................... 8

5.7 Service primitive conventions ................................................................................................................................................... 8

6 Process flows and sequence diagrams ........................................................................................................................................... 9

6.1 General ........................................................................................................................................................................................................... 9

6.2 Overview of process flows ............................................................................................................................................................ 9

6.3 Sequence diagram conventions .............................................................................................................................................10

6.4 Configure ...................................................................................................................................................................................................11

6.5 Start Session ...........................................................................................................................................................................................12

6.6 Send data ...................................................................................................................................................................................................14

6.7 Send access control PDU ..............................................................................................................................................................17

6.8 Receive PDU ............................................................................................................................................................................................18

6.9 Secure connection brokering ...................................................................................................................................................23

6.9.1 Goals ........................................................................................................................................................................................23

6.9.2 Prerequisites ....................................................................................................................................................................24

6.9.3 Overview ..............................................................................................................................................................................24

6.9.4 Detailed specification ...............................................................................................................................................25

6.10 Force end session ...............................................................................................................................................................................33

6.11 Session terminated at session layer ...................................................................................................................................35

6.12 Deactivate .................................................................................................................................................................................................35

6.13 Secure session example ................................................................................................................................................................36

7 Security Subsystem: interfaces and data types ..................................................................................................................38

7.1 General ........................................................................................................................................................................................................38

7.2 Access control policy and state ..............................................................................................................................................39

7.3 Enhanced authentication ............................................................................................................................................................40

7.3.1 Definition and possible states ...........................................................................................................................40

7.3.2 States for owner role enhanced authentication .................................................................................40

7.3.3 State for accessor role enhanced authentication ..............................................................................41

7.3.4 Use by Access Control ...............................................................................................................................................42

7.3.5 Methods for providing enhanced authentication .............................................................................42

7.3.6 Enhanced authentication using SPAKE2 ..................................................................................................42

7.4 Extended authentication .............................................................................................................................................................43

7.5 Data types .................................................................................................................................................................................................44

7.5.1 General...................................................................................................................................................................................44

7.5.2 Imports ..................................................................................................................................................................................44

7.5.3 Iso21177AccessControlPdu ................................................................................................................................44

7.5.4 AccessControlResult ..................................................................................................................................................44

7.5.5 ExtendedAuthPdu ........................................................................................................................................................44

7.5.6 ExtendedAuthRequest .............................................................................................................................................45

7.5.7 InnerExtendedAuthRequest ...............................................................................................................................45

7.5.8 AtomicExtendedAuthRequest ...........................................................................................................................46

© ISO 2019 – All rights reserved iii
---------------------- Page: 9 ----------------------
SIST-TS CEN ISO/TS 21177:2019
ISO/TS 21177:2019(E)

7.5.9 ExtendedAuthResponse ..........................................................................................................................................46

7.5.10 ExtendedAuthResponsePayload ......................................................................................................................46

7.5.11 EnhancedAuthPdu .......................................................................................................................................................47

7.5.12 SpakeRequest...................................................................................................................................................................47

7.5.13 SpakeResponse ...............................................................................................................................................................47

7.5.14 SpakeRequesterResponse .....................................................................................................................................48

7.6 App-Sec Interface ...............................................................................................................................................................................48

7.6.1 App-Sec-Configure.request ..................................................................................................................................48

7.6.2 App-Sec-Configure.confirm..................................................................................................................................49

7.6.3 App-Sec-StartSession.indication .....................................................................................................................49

7.6.4 App-Sec-Data.request ...............................................................................................................................................50

7.6.5 App-Sec-Data.confirm ........................................................................................................................................... ....50

7.6.6 App-Sec-Incoming.request ...................................................................................................................................51

7.6.7 App-Sec-Incoming.confirm ..................................................................................................................................51

7.6.8 App-Sec-EndSession.request ..............................................................................................................................52

7.6.9 App-Sec-EndSession.confirm .............................................................................................................................52

7.6.10 App-Sec-EndSession.indication........................................................................................................................52

7.6.11 App-Sec-Deactivate.request ................................................................................................................................53

7.6.12 App-Sec-Deactivate.confirm ................................................................................................................................53

7.6.13 App-Sec-Deactivate.indication ..........................................................................................................................53

7.7 Security Subsystem internal interface .............................................................................................................................54

7.7.1 General...................................................................................................................................................................................54

7.7.2 Sec-AuthState.request ..............................................................................................................................................54

7.7.3 Sec-AuthState.confirm ........................................................................................................................................... ...55

8 Adaptor Layer: Interfaces and data types ................................................................................................................................55

8.1 General ........................................................................................................................................................................................................55

8.2 Data types .................................................................................................................................................................................................56

8.2.1 General...................................................................................................................................................................................56

8.2.2 Iso21177AdaptorLayerPDU ................................................................................................................................56

8.2.3 Apdu ...................................................................... ...................................................................................................................57

8.2.4 Access Control .................................................................................................................................................................57

8.2.5 TlsClientMsg1 ..................................................................................................................................................................57

8.2.6 TlsServerMsg1 ................................................................................................................................................................57

8.3 App-AL Interface ................................................................................................................................................................................57

8.3.1 App-AL-Data.request .................................................................................................................................................57

8.3.2 App-AL-Data.confirm ................................................................................................................................................58

8.3.3 App-AL-Data.indication ..........................................................................................................................................58

8.3.4 App-AL-EnableProxy.request .............................................................................................................................59

8.4 Sec-AL Interface ..................................................................................................................................................................................61

8.4.1 Sec-AL-AccessControl.request...........................................................................................................................61

8.4.2 Sec-AL-AccessControl.confirm ..........................................................................................................................61

8.4.3 Sec-AL-AccessControl.indication ....................................................................................................................61

8.4.4 Sec-AL-EndSession.request .................................................................................................................................62

8.4.5 Sec-AL-EndSession.confirm.................................................................................................................................62

9 Secure Session services ..............................................................................................................................................................................62

9.1 General ........................................................................................................................................................................................................62

9.2 App-Sess interfaces ..........................................................................................................................................................................62

9.2.1 App-Sess-EnableProxy.request .........................................................................................................................62

9.3 Sec-Sess interface ...............................................................................................................................................................................63

9.3.1 Sec-Sess-Configure.request ..................................................................................................................................63

9.3.2 Sec-Sess-Configure.confirm .................................................................................................................................65

9.3.3 Sec-Sess-Start.indication ........................................................................................................................................65

9.3.4 Sec-Sess-EndSession.indication .......................................................................................................................66

9.3.5 Sec-Sess-Deactivate.request ................................................................................................................................66

9.3.6 Sec-Sess-Deactivate.confirm ...............................................................................................................................67

9.4 AL-Sess interface ................................................................................................................................................................................67

9.4.1 AL-Sess-Data.request ................................................................................................................................................67

iv © ISO 2019 – All rights reserved
---------------------- Page: 10 ----------------------
SIST-TS CEN ISO/TS 21177:2019
ISO/TS 21177:2019(E)

9.4.2 AL-Sess-Data.confirm................................................................................................................................................67

9.4.3 AL-Sess-Data.indication ..........................................................................................................................................68

9.4.4 AL-Sess-EndSession.request ...............................................................................................................................68

9.4.5 AL-Sess-EndSession.confirm ..............................................................................................................................68

9.4.6 AL-Sess-ClientHelloProxy.request .................................................................................................................69

9.4.7 AL-Sess-ClientHelloProxy.indication ...........................................................................................................69

9.4.8 AL-Sess-ServerHelloProxy.request ................................................................................................................70

9.4.9 AL-Sess-ServerHelloProxy.indication ..........................................................................................................70

9.4.10 AL-Sess-EndSession.request ...............................................................................................................................71

9.4.11 AL-Sess-EndSession.confirm ..............................................................................................................................72

9.5 Permitted mechanisms .................................................................................................................................................................72

9.5.1 TLS 1.3 ...................................................................................................................................................................................72

9.5.2 DTLS 1.3................................................................................................................................................................................73

Annex A (informative) Usage scenarios ..........................................................................................................................................................74

Annex B (normative) ASN.1 module ...................................................................................................................................................................81

Bibliography .............................................................................................................................................................................................................................82

© ISO 2019 – All rights reserved v
---------------------- Page: 11 ----------------------
SIST-TS CEN ISO/TS 21177:2019
ISO/TS 21177:2019(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.