第1页 / 共23页
第2页 / 共23页
第3页 / 共23页
第4页 / 共23页
第5页 / 共23页
第6页 / 共23页
第7页 / 共23页
第8页 / 共23页
欧洲车辆通信安全标准.pdf
Intellectual Property Rights
Foreword
Modal verbs terminology
Introduction
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Abbreviations
4 Basic format elements
5 Specification of secure data structure
5.1 EtsiTs103097Data
5.2 SignedData
5.3 EncryptedData
6 Specification of certificate format
7 Security profiles
7.1 Profiles for messages
7.1.1 Security profile for CAMs
7.1.2 Security profile for DENMs
7.1.3 Generic security profile for other signed messages
7.1.4 Security profile for encrypted messages
7.1.5 Security profile for signed and encrypted messages
7.2 Profiles for certificates
7.2.1 Authorization tickets
7.2.2 Enrolment credential
7.2.3 Root CA certificates
7.2.4 Subordinate certification authority certificates
7.2.5 Trust List Manager certificate
Annex A (normative): ASN.1 Modules
A.1 ETSI TS 103 097 ASN.1 Module
A.2 IEEE 1609.2 ASN.1 modules
History
ETSI TS 103 097 V1.3.1 (2017-10)
TECHNICAL SPECIFICATION
Intelligent Transport Systems (ITS);
Security;
Security header and certificate formats
2
ETSI TS 103 097 V1.3.1 (2017-10)
Reference
RTS/ITS-00540
Keywords
ITS, privacy, protocol, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© ETSI 2017.
All rights reserved.
DECTTM, PLUGTESTSTM, UMTSTM and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.
3GPPTM and LTE™ are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M logo is protected for the benefit of its Members.
GSM® and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI
Contents
3
ETSI TS 103 097 V1.3.1 (2017-10)
Intellectual Property Rights ................................................................................................................................ 4
Foreword ............................................................................................................................................................. 4
Modal verbs terminology .................................................................................................................................... 4
Introduction ........................................................................................................................................................ 4
1
2
2.1
2.2
3
4
5
5.1
5.2
5.3
6
Scope ........................................................................................................................................................ 5
References ................................................................................................................................................ 5
Normative references ......................................................................................................................................... 5
Informative references ........................................................................................................................................ 5
Abbreviations ........................................................................................................................................... 5
Basic format elements .............................................................................................................................. 6
Specification of secure data structure ....................................................................................................... 6
EtsiTs103097Data .............................................................................................................................................. 6
SignedData ......................................................................................................................................................... 7
EncryptedData .................................................................................................................................................... 8
Specification of certificate format ............................................................................................................ 8
7
7.1
7.1.1
7.1.2
7.1.3
7.1.4
7.1.5
7.2
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5
Security profiles ....................................................................................................................................... 9
Profiles for messages .......................................................................................................................................... 9
Security profile for CAMs ............................................................................................................................ 9
Security profile for DENMs........................................................................................................................ 10
Generic security profile for other signed messages .................................................................................... 10
Security profile for encrypted messages ..................................................................................................... 10
Security profile for signed and encrypted messages ................................................................................... 10
Profiles for certificates ..................................................................................................................................... 10
Authorization tickets ................................................................................................................................... 10
Enrolment credential ................................................................................................................................... 11
Root CA certificates.................................................................................................................................... 11
Subordinate certification authority certificates ........................................................................................... 11
Trust List Manager certificate ..................................................................................................................... 12
ASN.1 Modules ............................................................................................... 13
Annex A (normative):
A.1 ETSI TS 103 097 ASN.1 Module .......................................................................................................... 13
A.2
IEEE 1609.2 ASN.1 modules ................................................................................................................. 14
History .............................................................................................................................................................. 23
ETSI
4
ETSI TS 103 097 V1.3.1 (2017-10)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Intelligent Transport Systems
(ITS).
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
Security policies require that data structures such as messages used in Intelligent Transport Systems are secured when
stored or transferred. For interoperability reasons, a common format for secure data structures featuring security headers
and public key certificates needs to be provided.
The present document provides these definitions as a profile of the base standard IEEE Std 1609.2 TM -2016 and its
amendment IEEE 1609.2a TM-2017 [1]. A profile makes use of the definitions in the base standard and defines the use of
particular subsets or options available in the base standard. This implies that the present document is to be read and
interpreted together with that base standard.
The present document contains material from IEEE Std 1609.2-2016 [1] and its amendment(s), reprinted with
permission from IEEE, and Copyright © 2016.
ETSI
5
ETSI TS 103 097 V1.3.1 (2017-10)
Scope
1
The present document specifies the secure data structure including header and certificate formats for Intelligent
Transport Systems.
2
References
2.1
Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1]
[2]
[3]
IEEE Std 1609.2™-2016: "IEEE Standard for Wireless Access in Vehicular Environments --
Security Services for Applications and Management Messages", as amended by IEEE
Std 1609.2a™-2017: "Standard for Wireless Access In Vehicular Environments -- Security
Services for Applications and Management Messages Amendment 1".
ETSI TS 102 965: "Intelligent Transport Systems (ITS); Application Object Identifier (ITS-AID);
Registration".
Recommendation ITU-T X.696 (08/2014): "Information Technology-Specification of Octet
Encoding Rules (OER)".
2.2
Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1]
[i.2]
ETSI TS 102 940: "Intelligent Transport Systems (ITS); Security; ITS communications security
architecture and security management".
ETSI TS 102 941: "Intelligent Transport Systems (ITS); Security; Trust and Privacy
Management".
Abbreviations
3
For the purposes of the present document, the following abbreviations apply:
AA
ASN.1
AT
Authorization Authority
Abstract Syntax Notation One
Authorization Ticket
ETSI
6
ETSI TS 103 097 V1.3.1 (2017-10)
CA
CAM
COER
CRL
CTL
DENM
EA
ECDSA
ECIES
ITS
ITS-AID
ITS-S
SSP
TLM
Certification Authority
Cooperative Awareness Message
Canonical Octet Encoding Rules
Certificate Revocation List
Certificate Trust List
Decentralized Environmental Notification Message
Enrolment Authority
Elliptic Curve Digital Signature Algorithm
Elliptic Curve Integrated Encryption Scheme
Intelligent Transport Systems
ITS Application ID
Intelligent Transport Systems Station
Service Specific Permissions
Trust List Manager
Basic format elements
4
Data structures in the present document are defined using Abstract Syntax Notation 1 (ASN.1) and shall be encoded
using the Canonical Octet Encoding Rules (COER) as defined in Recommendation ITU-T X.696 [3]. This includes
some data structures in the present document for which a "canonical encoding" is used as defined in IEEE
Std 1609.2 [1].
Clause 5 and 6 specify and describe the data structures with reference to IEEE Std 1609.2 [1]. The corresponding
ASN.1 module is defined in annex A.
The validity of a certificate shall be assessed as defined in IEEE Std 1609.2 [1] clause 5.1, using the Hash ID-based
revocation method for EA and AA certificates, and no revocation method for authorization tickets and enrolment
credentials.
NOTE 1: The CRL for EA and AA certificates is defined in ETSI TS 102 941 [i.2].
NOTE 2: The rules for verification of the Root CA certificate against the CTL are defined in ETSI
TS 102 941 [i.2].
The validity of signed data shall be assessed as defined in IEEE Std 1609.2 [1] clause 5.2.
5
Specification of secure data structure
5.1
EtsiTs103097Data
A secure data structure shall be of type EtsiTs103097Data as defined in annex A, which corresponds to a
Ieee1609Dot2Data as defined in IEEE Std 1609.2 [1] clause 6.3.2, with the constraints defined in this clause, in
clause 5.2 and in clause 5.3.
The type Ieee1609Dot2Data shall support the following options in the component content:
•
•
•
The option unsecuredData shall be used to encapsulate an unsecured data structure.
The option signedData, corresponding to the type SignedData as defined in IEEE Std 1609.2 [1]
clause 6.3.4, shall be used to transfer a data structure with a signature.
The option encryptedData, corresponding to the type EncryptedData as defined in IEEE
Std 1609.2 [1] clause 6.3.30, shall be used to transfer an encrypted data structure.
The following corresponding profiles of the type EtsiTs103097Data are defined in annex A:
•
The parameterized type EtsiTs103097Data-Signed using the Ieee1609Dot2Data option signedData
containing the data structure in the component tbdData.payload.data.
ETSI
•
•
•
7
ETSI TS 103 097 V1.3.1 (2017-10)
The parameterized type EtsiTs103097Data-SignedExternalPayload using the
Ieee1609Dot2Data option signedData containing the digest of the data structure in the component
tbdData.payload.extDataHash.
The parameterized type EtsiTs103097Data-Encrypted, using the Ieee1609Dot2Data option
encryptedData containing the encrypted data structure in the component
ciphertext.aes128ccm.ccmCiphertext.
The parameterized type EtsiTs103097Data- SignedAndEncrypted, using the
Ieee1609Dot2Data option EncryptedData, containing an encrypted EtsiTs103097Data-
Signed.
5.2
SignedData
The type SignedData shall have the following constraints:
The component hashId of SignedData shall indicate the hash algorithm to be used to generate the hash of the
message according to IEEE Std 1609.2 [1] clauses 6.3.5 and 5.3.3.
The component tbsData of SignedData shall be of type ToBeSignedData as defined in IEEE Std 1609.2 [1]
clause 6.3.6. The type ToBeSignedData shall have the component payload of type SignedDataPayload as
defined in IEEE Std 1609.2 [1] clause 6.3.7, containing either:
•
•
the component data, containing the payload to be signed as an Ieee1609Dot2Data, or
the component extDataHash, containing the hash of data that is not explicitly transported within the
structure.
The type ToBeSignedData shall have the component headerInfo of type HeaderInfo as defined in IEEE
Std 1609.2 [1] clause 6.3.9, and constrained to have the following security headers:
•
•
•
•
•
•
•
•
•
The component psid containing the ITS-AID corresponding to the contained message.
The component generationTime as defined in IEEE Std 1609.2 [1], always present.
The component expiryTime, as defined in IEEE Std 1609.2 [1], present or absent according to the
specification of message profiles in clause 7.
The component generationLocation, as defined in IEEE Std 1609.2 [1], present or absent according to
the specification of message profiles in clause 7.
The component p2pcdLearningRequest always absent.
The component missingCrlIdentifier always absent.
The component encryptionKey, as defined in IEEE Std 1609.2 [1], present or absent according to the
specification of message profiles in clause 7.
The component inlineP2pcdRequest, as defined in IEEE Std 1609.2 [1], present or absent according to
the specification of message profiles in clause 7.
The component requestedCertificate, as defined in IEEE Std 1609.2 [1], present or absent according
to the specification of message profiles in clause 7.
The component signer of SignedData shall be of type SignerIdentifier as defined in IEEE Std 1609.2 [1]
clause 6.3.24, and constrained to one of the following choices:
•
•
digest, containing the digest of the signing certificate as defined in IEEE Std 1609.2 [1] clause 6.3.26.
certificate, constrained to only one entry in the SequenceOfCertificate list of type
TS103097Certificate, containing the signing certificate as defined in clause 6 of the present document.
ETSI
8
ETSI TS 103 097 V1.3.1 (2017-10)
The component signature of SignedData shall be of type Signature as defined in IEEE Std 1609.2 [1]
clause 6.3.28 and shall contain the ECDSA signature as defined in IEEE Std 1609.2 [1] clauses 6.3.29, 6.3.29a and
5.3.1.
5.3
EncryptedData
The type EncryptedData shall have the following constraints:
The component recipients of EncryptedData shall be of type SequenceOfRecipientInfo as defined in
IEEE Std 1609.2 [1] clause 6.3.31. Every entry shall be either of option pskRecipInfo as defined in IEEE
Std 1609.2 [1] clause 6.3.32, of option certRecipInfo, or of option signedDataRecipInfo, as defined in
IEEE Std 1609.2 [1] clause 6.3.34.
The encryption scheme used shall be ECIES as defined in IEEE Std 1609.2 [1] clause 5.3.5. The component
ciphertext of EncryptedData shall be of type SymmetricCiphertext as defined in IEEE Std 1609.2 [1]
clause 6.3.37 and contain a EtsiTs103097Data encrypted according to IEEE Std 1609.2 [1] clauses 6.3.38 and
5.3.8.
Specification of certificate format
6
A certificate contained in a secure data structure shall be of type EtsiTs103097Certificate as defined in
annex A, which corresponds to a single ExplicitCertificate as defined in IEEE Std 1609.2 [1] clause 6.4.6,
with the constraints defined in this clause.
The component toBeSigned of the type EtsiTs103097Certificate shall be of type
ToBeSignedCertificate as defined in IEEE Std 1609.2 [1] clause 6.4.8 and constrained as follows:
•
•
•
•
•
•
•
•
•
•
•
•
•
The component id of type CertificateId constrained to choice type name or none.
The component cracaId set to 000000'H.
The component crlSeries set to 0'D.
The component validityPeriod with no further constraints.
The component region of type GeographicRegion as defined in IEEE Std 1609.2 [1], present or absent
according to the specification of certificate profiles in clause 7.
The component assuranceLevel of type SubjectAssurance, as defined in IEEE Std 1609.2 [1],
present or absent according to the specification of certificate profiles in clause 7.
The component appPermissions of type SequenceOfPsidSsp as defined in IEEE Std 1609.2 [1],
present or absent according to the specification of certificate profiles in clause 7.
The component certIssuePermissions of type SequenceOfPsidGroupPermissions, as defined
in IEEE Std 1609.2 [1], present or absent according to the specification of certificate profiles in clause 7.
At least one of the components appPermissions and certIssuePermissions shall be present.
The component certRequestPermissions absent.
The component canRequestRollover absent.
The component encryptionKey of type PublicEncryptionKey as defined in IEEE Std 1609.2 [1],
present or absent according to the specification of certificate profiles in clause 7.
The component verifyKeyIndicator of type VerificationKeyIndicator as defined in IEEE
Std 1609.2 [1], present and constrained to the choice verificationKey.
ETSI
相关推荐
2023年江西萍乡中考道德与法治真题及答案.doc
2012年重庆南川中考生物真题及答案.doc
2013年江西师范大学地理学综合及文艺理论基础考研真题.doc
2020年四川甘孜小升初语文真题及答案I卷.doc
2020年注册岩土工程师专业基础考试真题及答案.doc
2023-2024学年福建省厦门市九年级上学期数学月考试题及答案.doc
2021-2022学年辽宁省沈阳市大东区九年级上学期语文期末试题及答案.doc
2022-2023学年北京东城区初三第一学期物理期末试卷及答案.doc
2018上半年江西教师资格初中地理学科知识与教学能力真题及答案.doc
2012年河北国家公务员申论考试真题及答案-省级.doc
2020-2021学年江苏省扬州市江都区邵樊片九年级上学期数学第一次质量检测试题及答案.doc
2022下半年黑龙江教师资格证中学综合素质真题及答案.doc
