Cooperative intelligent transport systems (C-ITS) - Guidelines on the usage of standards - Part 3: Security (ISO/TR 21186-3:2021)

This document provides guidelines on security applicable in Intelligent Transport Systems (ITS) related
to communications and data access.
In particular, this document provides analyses and best practice content for secure ITS connectivity
using ISO/TS 21177.
This document analyses and identifies issues related to application security, access control, device
security and PKI for a secure ITS ecosystem.

Kooperative intelligente Verkehrssyteme (C-ITS) - Leitfäden zur Nutzung von Normen - Teil 3: Security (ISO/TR 21186-3:2021)

Systèmes de transport intelligents coopératifs (C-ITS) - Lignes directrices sur l'utilisation des normes - Partie 3: Sécurité (ISO/TR 21186-3:2021)

Kooperativni inteligentni transportni sistemi (C-ITS) - Smernice za uporabo standardov - 3. del: Varnost (ISO/TR 21186-3:2021)

General Information

Status: Published
Publication Date: 15-Apr-2021
Technical Committee:
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 18-Mar-2021
Due Date: 23-May-2021
Completion Date: 16-Apr-2021

Technical report
TP CEN ISO/TR 21186-3:2021 - BARVE
English language
135 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST-TP CEN ISO/TR 21186-3:2021
01-May-2021
Kooperativni inteligentni transportni sistemi (C-ITS) - Smernice za uporabo
standardov - 3. del: Varnost (ISO/TR 21186-3:2021)
Cooperative intelligent transport systems (C-ITS) - Guidelines on the usage of standards
- Part 3: Security (ISO/TR 21186-3:2021)
Kooperative intelligente Verkehrssyteme (C-ITS) - Leitfäden zur Nutzung von Normen -
Teil 3: Security (ISO/TR 21186-3:2021)
Systèmes de transport intelligents coopératifs (C-ITS) - Lignes directrices sur l'utilisation
des normes - Partie 3: Sécurité (ISO/TR 21186-3:2021)
This Slovenian standard is identical to: CEN ISO/TR 21186-3:2021
ICS:
01.120 Standardization. General rules
03.220.01 Transport in general
35.240.60 IT applications in transport
SIST-TP CEN ISO/TR 21186-3:2021 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of all or part of this standard is not permitted.


CEN ISO/TR 21186-3
TECHNICAL REPORT

RAPPORT TECHNIQUE

February 2021
TECHNISCHER BERICHT
ICS 01.120; 03.220.01; 35.240.60
English Version

Cooperative intelligent transport systems (C-ITS) -
Guidelines on the usage of standards - Part 3: Security
(ISO/TR 21186-3:2021)
Systèmes de transport intelligents coopératifs (C-ITS) - Lignes directrices pour l'utilisation des normes - Partie 3: Sécurité (ISO/TR 21186-3:2021)
Kooperative intelligente Verkehrssyteme (C-ITS) - Leitfäden zur Nutzung von Normen - Teil 3: Security (ISO/TR 21186-3:2021)


This Technical Report was approved by CEN on 1 February 2021. It has been drawn up by the Technical Committee CEN/TC 278.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2021 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN ISO/TR 21186-3:2021 E

Contents
European foreword

European foreword
This document (CEN ISO/TR 21186-3:2021) has been prepared by Technical Committee ISO/TC 204
"Intelligent transport systems" in collaboration with Technical Committee CEN/TC 278 “Intelligent
transport systems” the secretariat of which is held by NEN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Endorsement notice
The text of ISO/TR 21186-3:2021 has been approved by CEN as CEN ISO/TR 21186-3:2021 without any
modification.


TECHNICAL REPORT
ISO/TR 21186-3
First edition
2021-02
Cooperative intelligent transport
systems (C-ITS) — Guidelines on the
usage of standards —
Part 3:
Security
Systèmes de transport intelligents coopératifs (C-ITS) - Lignes
directrices pour l'utilisation des normes —
Partie 3: Sécurité
Reference number
ISO/TR 21186-3:2021(E)
© ISO 2021

COPYRIGHT PROTECTED DOCUMENT
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Security in C-ITS
5.1 General
5.2 Security design process for C-ITS applications
5.3 Communications security mechanisms in C-ITS
5.4 Source authentication and access control mechanisms
5.5 Certificate authorities and certification processes
5.6 Introduction to the rest of this document
6 Security analysis and controls for an IDX device
6.1 Background
6.2 IDX device concept
6.2.1 General
6.2.2 System architecture and device
6.2.3 Threat modelling data scenarios and examples
6.2.4 Assumed device functions and activities
6.3 Device assets
6.4 Threats
6.4.1 General
6.4.2 Threat modelling process
6.4.3 Threat categories and actor motivations
6.4.4 Scenario comparison of threats
6.5 Security objectives
6.5.1 Summary and comparison by scenario
6.5.2 Analysis
6.6 SFR and rationales
6.7 Comparison to other common criteria PPs
6.7.1 General
6.7.2 Summary and analysis of gaps
6.7.3 Gap analysis with Car2Car HSM PP
6.7.4 Gap analysis against V-ITS base PP
6.7.5 Gap analysis against V-ITS Comms Module PP
7 ISO/TS 21177 access control implementation guidance
7.1 General
7.2 High level architecture and access scenario
7.3 Application protocol architecture and ISO/TS 21177 integration
7.3.1 General
7.3.2 Example protocol architecture
7.3.3 Protocol integration strategy
7.4 Access control policy structure
7.5 Access control approach
7.6 Access control use cases and sequence diagrams
7.6.1 General
7.6.2 Define an access policy
7.6.3 Load an access control policy
7.6.4 Configure TLS
7.6.5 Start a secure TLS session
7.6.6 Secure access-controlled resource discovery
7.6.7 Server controls access to UGP service based on role
8 C-ITS CP security requirements gaps and needs
8.1 General
8.2 Overview of European C-ITS CP
8.3 PKI threat categories and mitigations
8.4 European C-ITS CP changes to support new C-ITS applications
8.4.1 General
8.4.2 CP Section 1.6.1
8.4.3 CP Section 1.6.2
8.4.4 CP Section 6.1.5.2
8.4.5 CP Section 4.1.2.4
Annex A (informative) Scenario threats
Annex B (informative) Scenario security objectives to security functional requirements mapping
Annex C (informative) Informative proposal for improvements of TS 21177:2019: CRL request
Annex D (informative) Informative proposal for complements to TS 21177:2019: Ownership and access policy
Annex E (informative) Informative proposal for improvements of TS 21177:2019: Errata, additional rationale material, and session persistence across certificate expiry
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 204, Intelligent transport systems, in
collaboration with the European Committee for Standardization (CEN) Technical Committee CEN/TC
278, Intelligent transport systems, in accordance with the Agreement on technical cooperation between
ISO and CEN (Vienna Agreement).
A list of all parts in the ISO 21186 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
This document provides informative material of interest to implementers deploying secure systems
to carry out ITS applications. ITS stations are rapidly maturing with regards to specification, use and
security conformance standards. In support of the ITS station ecosystem new standards have been
developed, such as ISO/TS 21177, which provide a framework for device-to-device secure sessions and
resource access authorization. Common criteria protection profiles have been developed and adopted
for use in distinctive European ITS service domains, such as automotive V2X safety services, as well as
a narrow set of infrastructure messaging based services.
NOTE ITS services are provided by means of ITS applications.
Given the diversity of anticipated ITS services and potential data sensitivities, this document was
constructed to provide ITS stakeholders with a holistic analysis and indication of possible extensions to
the ITS station security ecosystem.
This document includes the following sections:
1) An overview of security considerations for application specification and deployment in ITS. This
overview also provides a detailed rationale for the following sections.
2) A use-case driven threat model based roughly on common criteria processes in establishment of
threats, security objectives and SFR relative to three genericized ITS station data sensitivity and
access control scenarios. Each scenario can be used by security practitioners as a starting point to
baseline ITS station platform protection profiles of varying application types and data sensitivities.
The genericized protection profile security requirements are then compared to several existing (or
under development) protection profiles established for automotive use cases to determine possible
gaps in security controls that should be addressed when tailoring subsequent security targets or
related protection profiles.
3) An implementation example of the development of an access control policy implementation for an
ISO/TS 21177 conformant ITS station unit. The example access control policy is application-specific
and depends on many factors, including the type of ITS station unit on which the access control
policy is used. Consequently, this access control policy implementation example is not suitable for
being copy-pasted to the context of other ITS applications. Rather, the process described in this
example can be considered as a suitable template for a process aimed at creating an access control
policy for any ITS application running in an ISO/TS 21177 conformant unit.
4) Inputs for the development of a CP governing the issuance of certificates for ITS station units. A
CP is necessary for the deployment of a system to ensure consistent behaviour of different CAs (or,
more generally, credential issuance actors) within the system. This consistent behaviour enables
receiving devices to trust all received messages to the appropriate level, knowing that those
devices have been through the same certificate-issuing process no matter where the certificates
were obtained. In early 2019, the European Commission published a CP for use for "Day 1"
ITS applications, to be enforced by a top-level root of trust implemented in an entity called the
TLM. This document concludes with a set of high-level gaps and potential mitigations for ITS PKI
participants and implementers.
5) A description of additional functionality that extends the functionality of ISO/TS 21177. This
material is written in a manner which will enable it to be inserted into a future revision of
ISO/TS 21177.
These five areas of content significantly ease the process of deploying new ITS applications securely.
This document forms part of the ISO 21186 series on "Guidelines on the usage of standards," which is
comprised of the following Parts:
1) Standardization landscape and releases;
2) Hybrid communications;
3) Security (this document).
TECHNICAL REPORT ISO/TR 21186-3:2021(E)
Cooperative intelligent transport systems (C-ITS) —
Guidelines on the usage of standards —
Part 3:
Security
1 Scope
This document provides guidelines on security applicable in Intelligent Transport Systems (ITS) related
to communications and data access.
In particular, this document provides analyses and best practice content for secure ITS connectivity
using ISO/TS 21177.
This document analyses and identifies issues related to application security, access control, device
security and PKI for a secure ITS ecosystem.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 27000, Information technology — Security techniques — Information security management —
Overview and vocabulary
ISO/IEC 27032, Information technology — Security techniques — Guidelines for cybersecurity
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 27000 and ISO/IEC 27032
and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
attack vector
extensible program-code-template for creating objects, providing initial values for state (member
variables) and implementations of behaviour (member functions or methods) in object-oriented
programming
4 Symbols and abbreviated terms
AA authorization authority
ACL access control list
APDU application protocol data unit
API application programming interface
CA certificate authority
CAM cooperative awareness message
CP certificate policy
CPS certification practice statement
C-ITS cooperative intelligent transportation systems
COER canonical octet encoding rules
CPOC certification point of contact
CRL certificate revocation list
CTL certificate trust list
DEK data encryption key
DoS denial-of-service
EA enrolment authority
ECDSA elliptic curve digital signature algorithm
ECIES elliptic curve integrated encryption scheme
ECTL European certificate trust list
ECU electronic control unit
HSM hardware security module
IDX ITS data exchange
IVN in-vehicle network
ITS intelligent transport systems
ITS-AID ITS application object identifier
ITS-S ITS station
ITS-SU ITS station unit
IVIM infrastructure to vehicle information message
KEK key encryption key
MAPEM MAP extended message
ND nomadic device
NIST National Institute for Standards and Technology
OCSP online certificate status protocol
OEM original equipment manufacturer
PAKE password authenticated key exchanges
PDU protocol data unit
PII personally identifiable information
PKI public key infrastructure
PP protection profile
RSU roadside unit
SCMS security credentials management system
SCN sensor and control network
SDEE secure data exchange entity
SFR security functional requirements
SPaT signal phase and timing
SPaTEM SPaT extended message
SPDU secured protocol data unit
SPII sensitive or personally identifiable information
SREM signal request extended message
SSEM signal request status extended message
SSP service specific permission
TLM trust list manager
TOE target of evaluation
TSF TOE security functions
TVRA threat, vulnerability and risk analysis
UGP unified gateway protocol
V-ITS vehicle intelligent transport systems
VMS variable message sign
5 Security in C-ITS
5.1 General
This subclause provides an overview of security in C-ITS and a rationale for the material in the rest of
the document.
Systems have functional goals, and also have security goals which support these functional goals. The
details of security goals depend on context, but high-level security goals are always the same:
— Provide assurance that parties within the system receive the right information necessary for
achieving their functional goals.
— Provide assurance that parties who are not authorized to receive information do not receive that
information.
Systems use security controls to achieve their security goals. A security control is a specific mechanism
implemented as part of a strategy to achieve the security goal. (For ease of discussion, this document
also uses the concept of a security service. A security service is an identifier of the kind of action which
needs to be performed in order to achieve a security goal, while a control is concrete and implementable).
There are many different kinds of security c
...
