EN ISO 21177:2024
(Main)Intelligent transport systems - ITS station security services for secure session establishment and authentication between trusted devices (ISO 21177:2024)
Intelligent transport systems - ITS station security services for secure session establishment and authentication between trusted devices (ISO 21177:2024)
This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities, i.e.:
— between devices operated as bounded secured managed entities, i.e. "ITS Station Communication Units" (ITS-SCU) and "ITS station units" (ITS-SU) as specified in ISO 21217; and
— between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks.
These services include the authentication and secure session establishment which are required to exchange information in a trusted and secure manner.
These services are essential for many intelligent transport system (ITS) applications and services, including time-critical safety applications, automated driving, remote management of ITS stations (ISO 24102-2), and roadside/infrastructure-related services.
Intelligente Verkehrssysteme - Sicherheitsdienste für eine ITS-Station zum sicheren Aufbau von Sitzungen und zur Authentisierung zwischen vertrauenswürdigen Geräten (ISO 21177:2024)
Systèmes de transport intelligents - Services de sécurité des stations ITS pour l’établissement et l’authentification des sessions sécurisées entre dispositifs de confiance (ISO 21177:2024)
Le présent document contient les spécifications d'un ensemble de services de sécurité des stations ITS nécessaires pour garantir l'authenticité de la source et l'intégrité des informations échangées entre des entités de confiance, c'est-à-dire:
— entre des dispositifs exploités en tant qu'entités délimitées gérées de manière sécurisée, c'est-à-dire les «unités de communication de station ITS» (ITS-SCU) et les «unités de station ITS» (ITS-SU) comme spécifié dans l'ISO 21217; et
— entre les ITS-SU (composées d'une ou plusieurs ITS-SCU) et les entités de confiance externes telles que les réseaux de capteurs et de contrôle.
Ces services comprennent l'authentification et l'établissement de sessions sécurisées, nécessaires pour échanger des informations dans le cadre d'une relation de confiance et de manière sécurisée.
Ces services sont essentiels pour de nombreux services et applications de systèmes de transport intelligents (ITS), notamment les applications de sécurité revêtant un caractère d'urgence, la conduite automatisée, la gestion à distance des stations ITS (ISO 24102-2), et les services routiers liés aux infrastructures.
Inteligentni transportni sistemi - Storitve varovanja postaj ITS za varno vzpostavitev sej in preverjanje pristnosti med zaupanja vrednimi napravami (ISO 21177:2024)
Ta dokument vsebuje specifikacije za storitve varovanja postaj ITS, ki so potrebne za zagotovitev verodostojnosti vira in celovitosti informacij, izmenjanih med zaupanja vrednimi enotami, tj.:
– med napravami, ki delujejo kot omejene varovane upravljane enote, tj. »komunikacijske enote postaj ITS« (ITS-SCU) in »enote postaj ITS« (ITS-SU), kot je določeno v standardu ISO 21217, ter
– med enotami postaj ITS (sestavljenimi iz ene ali več komunikacijskih enot postaj ITS) ter zunanjimi zaupanja vrednimi enotami, kot so senzorska in nadzorna omrežja.
Te storitve vključujejo preverjanje pristnosti in varno vzpostavitev seje, ki sta potrebna za zaupno in varno izmenjavo informacij.
Te storitve so bistvene za številne aplikacije in storitve inteligentnih transportnih sistemov (ITS), vključno s časovno kritičnimi varnostnimi aplikacijami, samodejno vožnjo, daljinskim upravljanjem postaj ITS (ISO 24102-2) ter obcestnimi/infrastrukturnimi storitvami.
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
01-junij-2024
Nadomešča:
SIST EN ISO 21177:2023
Inteligentni transportni sistemi - Storitve varovanja postaj ITS za varno
vzpostavitev sej in preverjanje pristnosti med zaupanja vrednimi napravami (ISO
21177:2024)
Intelligent transport systems - ITS station security services for secure session
establishment and authentication between trusted devices (ISO 21177:2024)
Intelligente Verkehrssysteme - Sicherheitsdienste für eine ITS-Station zum sicheren
Aufbau von Sitzungen und zur Authentisierung zwischen vertrauenswürdigen Geräten
(ISO 21177:2024)
Systèmes de transport intelligents - Services de sécurité des stations ITS pour
l’établissement et l’authentification des sessions sécurisées entre dispositifs de
confiance (ISO 21177:2024)
Ta slovenski standard je istoveten z: EN ISO 21177:2024
ICS:
03.220.01 Transport na splošno Transport in general
35.030 Informacijska varnost IT Security
35.240.60 Uporabniške rešitve IT v IT applications in transport
prometu
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
EN ISO 21177
EUROPEAN STANDARD
NORME EUROPÉENNE
March 2024
EUROPÄISCHE NORM
ICS 03.220.01; 35.240.60; 35.030 Supersedes EN ISO 21177:2023
English Version
Intelligent transport systems - ITS station security services
for secure session establishment and authentication
between trusted devices (ISO 21177:2024)
Systèmes de transport intelligents - Services de Intelligente Verkehrssysteme - Sicherheitsdienste für
sécurité des stations ITS pour l'établissement et eine ITS-Station zum sicheren Aufbau von Sitzungen
l'authentification des sessions sécurisées entre und zur Authentisierung zwischen
dispositifs de confiance (ISO 21177:2024) vertrauenswürdigen Geräten (ISO 21177:2024)
This European Standard was approved by CEN on 6 March 2024.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2024 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 21177:2024 E
worldwide for CEN national Members.
Contents Page
European foreword . 3
European foreword
This document (EN ISO 21177:2024) has been prepared by Technical Committee ISO/TC 204
"Intelligent transport systems" in collaboration with Technical Committee CEN/TC 278 “Intelligent
transport systems” the secretariat of which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by September 2024, and conflicting national standards
shall be withdrawn at the latest by September 2024.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 21177:2023.
Any feedback and questions on this document should be directed to the users’ national standards
body/national committee. A complete listing of these bodies can be found on the CEN website.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the
United Kingdom.
Endorsement notice
The text of ISO 21177:2024 has been approved by CEN as EN ISO 21177:2024 without any modification.
International
Standard
ISO 21177
Second edition
Intelligent transport systems —
2024-03
ITS station security services for
secure session establishment
and authentication between
trusted devices
Systèmes de transport intelligents — Services de sécurité des
stations ITS pour l’établissement et l’authentification des sessions
sécurisées entre dispositifs de confiance
Reference number
ISO 21177:2024(en) © ISO 2024
ISO 21177:2024(en)
© ISO 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
ISO 21177:2024(en)
Contents Page
Foreword .vi
Introduction .vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 2
5 Overview . 4
5.1 General description, relationship to transport layer security (TLS) and relationship to
application specifications .4
5.2 Goals .5
5.3 Architecture and functional entities .5
5.4 Cryptomaterial handles .10
5.5 Session IDs and state .10
5.6 Access control and authorization state .11
5.7 Application level non-repudiation .11
5.8 Service primitive conventions .11
6 Process flows and sequence diagrams .12
6.1 General . 12
6.2 Overview of process flows . 12
6.3 Sequence diagram conventions . 13
6.4 Configure .14
6.5 Start session . 15
6.6 Send data .18
6.7 Send access control PDU .21
6.8 Receive PDU . 22
6.9 Extend session .27
6.9.1 Goals .27
6.9.2 Processing . 28
6.10 Secure connection brokering . 28
6.10.1 Goals . 28
6.10.2 Prerequisites . 28
6.10.3 Overview . 29
6.10.4 Detailed specification . 30
6.11 Force end session. 38
6.12 Session terminated at session layer . 39
6.13 Deactivate . 40
6.14 Secure session example .41
7 Security subsystem: interfaces and data types .43
7.1 General .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.