iTeh Standards logo
EURUSD
Your shopping cart is empty.
CEN

EN ISO 21177:2024

(Main)

Intelligent transport systems - ITS station security services for secure session establishment and authentication between trusted devices (ISO 21177:2024)

Intelligent transport systems - ITS station security services for secure session establishment and authentication between trusted devices (ISO 21177:2024)

This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities, i.e.:
—     between devices operated as bounded secured managed entities, i.e. "ITS Station Communication Units" (ITS-SCU) and "ITS station units" (ITS-SU) as specified in ISO 21217; and
—     between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks.
These services include the authentication and secure session establishment which are required to exchange information in a trusted and secure manner.
These services are essential for many intelligent transport system (ITS) applications and services, including time-critical safety applications, automated driving, remote management of ITS stations (ISO 24102-2), and roadside/infrastructure-related services.

Intelligente Verkehrssysteme - Sicherheitsdienste für eine ITS-Station zum sicheren Aufbau von Sitzungen und zur Authentisierung zwischen vertrauenswürdigen Geräten (ISO 21177:2024)

Systèmes de transport intelligents - Services de sécurité des stations ITS pour l’établissement et l’authentification des sessions sécurisées entre dispositifs de confiance (ISO 21177:2024)

Le présent document contient les spécifications d'un ensemble de services de sécurité des stations ITS nécessaires pour garantir l'authenticité de la source et l'intégrité des informations échangées entre des entités de confiance, c'est-à-dire:
—     entre des dispositifs exploités en tant qu'entités délimitées gérées de manière sécurisée, c'est-à-dire les «unités de communication de station ITS» (ITS-SCU) et les «unités de station ITS» (ITS-SU) comme spécifié dans l'ISO 21217; et
—     entre les ITS-SU (composées d'une ou plusieurs ITS-SCU) et les entités de confiance externes telles que les réseaux de capteurs et de contrôle.
Ces services comprennent l'authentification et l'établissement de sessions sécurisées, nécessaires pour échanger des informations dans le cadre d'une relation de confiance et de manière sécurisée.
Ces services sont essentiels pour de nombreux services et applications de systèmes de transport intelligents (ITS), notamment les applications de sécurité revêtant un caractère d'urgence, la conduite automatisée, la gestion à distance des stations ITS (ISO 24102-2), et les services routiers liés aux infrastructures.

Inteligentni transportni sistemi - Storitve varovanja postaj ITS za varno vzpostavitev sej in preverjanje pristnosti med zaupanja vrednimi napravami (ISO 21177:2024)

Ta dokument vsebuje specifikacije za storitve varovanja postaj ITS, ki so potrebne za zagotovitev verodostojnosti vira in celovitosti informacij, izmenjanih med zaupanja vrednimi enotami, tj.:
–    med napravami, ki delujejo kot omejene varovane upravljane enote, tj. »komunikacijske enote postaj ITS« (ITS-SCU) in »enote postaj ITS« (ITS-SU), kot je določeno v standardu ISO 21217, ter
–    med enotami postaj ITS (sestavljenimi iz ene ali več komunikacijskih enot postaj ITS) ter zunanjimi zaupanja vrednimi enotami, kot so senzorska in nadzorna omrežja.
Te storitve vključujejo preverjanje pristnosti in varno vzpostavitev seje, ki sta potrebna za zaupno in varno izmenjavo informacij.
Te storitve so bistvene za številne aplikacije in storitve inteligentnih transportnih sistemov (ITS), vključno s časovno kritičnimi varnostnimi aplikacijami, samodejno vožnjo, daljinskim upravljanjem postaj ITS (ISO 24102-2) ter obcestnimi/infrastrukturnimi storitvami.

General Information

Status
Published
Publication Date
26-Mar-2024
ICS
03.220.01 - Transport in general
35.030 - IT Security
35.240.60 - IT applications in transport
Technical Committee
CEN/TC 278 - Road transport and traffic telematics
Drafting Committee
CEN/TC 278/WG 16 - Co-operative systems
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
27-Mar-2024
Completion Date
27-Mar-2024
Ref Project
SIST EN ISO 21177:2024 - Intelligent transport systems - ITS station security services for secure session establishment and authentication between trusted devices (ISO 21177:2024)

Relations

Replaces
EN ISO 21177:2023 - Intelligent transport systems - ITS station security services for secure session establishment and authentication between trusted devices (ISO 21177:2023)
Effective Date
14-Jun-2023

Overview

EN ISO 21177:2024 (ISO 21177:2024) defines ITS station security services for secure session establishment and authentication between trusted devices. It specifies the services required to ensure authenticity of the source and integrity of information exchanged between ITS station communication units (ITS‑SCU), ITS station units (ITS‑SU), and external trusted entities such as sensor and control networks. The standard covers session lifecycle, cryptomaterial handling, access control state, and interfaces needed so ITS applications can exchange information in a trusted, auditable way.

Keywords: ITS station security services, secure session establishment, authentication, ISO 21177:2024, ITS‑SCU, ITS‑SU, ITS security.

Key Topics and Technical Requirements

  • Session establishment and authentication: Procedures and primitives for initiating, extending and terminating secure sessions between trusted ITS entities.
  • Architecture and functional entities: Roles and relationships for ITS‑SCU and ITS‑SU components and external trusted devices.
  • Cryptomaterial handles and session state: Management of keys, certificates and session identifiers to protect confidentiality, integrity and authenticity.
  • Access control and authorization: Policy models and access-control PDUs to enforce role-based access and authorization state.
  • Enhanced and extended authentication: Support for stronger authentication methods (document references include SPAKE2 as an option) and mechanisms for owner/accessor roles.
  • Interoperability with TLS and application specs: Guidance on relationship to Transport Layer Security (TLS) and higher-level ITS application requirements.
  • Process flows and sequence diagrams: Detailed flows (configure, start session, send/receive PDUs, extend/force end sessions) to support implementation and testing.
  • Security subsystem interfaces and data types: Defined primitives, PDUs and data models for implementers and vendors.

Practical Applications and Who Uses It

This standard is essential for ITS deployments that require trusted, time-sensitive communications, including:

  • Automated driving systems requiring secure vehicle-to-infrastructure/vehicle-to-vehicle exchanges.
  • Time-critical safety applications (collision avoidance, emergency braking coordination).
  • Roadside infrastructure and traffic management for secure telemetry and control of sensors, signals and controllers.
  • Remote management of ITS stations (referenced ISO 24102-2) for secure maintenance and diagnostics.
  • Vehicle OEMs, tier‑1 suppliers, ITS integrators, cybersecurity engineers, and infrastructure operators implementing interoperable, standards-based security services.

Keywords: automated driving security, ITS cybersecurity, secure ITS sessions, remote management ITS.

Related Standards (if applicable)

  • ISO 21217 - ITS station architecture (defines ITS‑SCU and ITS‑SU terms referenced by ISO 21177).
  • ISO 24102‑2 - Remote management of ITS stations (related application use case).
  • Relationship and guidance regarding TLS are discussed to align session-layer security with ITS application needs.

Use ISO 21177:2024 to design, evaluate and implement secure session and authentication services that meet regulatory and operational requirements across ITS ecosystems.

EN ISO 21177:2024 - BARVEEN ISO 21177:2024 - BARVE
PreviousNext
Standard
EN ISO 21177:2024 - BARVE
English language
113 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Frequently Asked Questions

EN ISO 21177:2024 is a standard published by the European Committee for Standardization (CEN). Its full title is "Intelligent transport systems - ITS station security services for secure session establishment and authentication between trusted devices (ISO 21177:2024)". This standard covers: This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities, i.e.: —     between devices operated as bounded secured managed entities, i.e. "ITS Station Communication Units" (ITS-SCU) and "ITS station units" (ITS-SU) as specified in ISO 21217; and —     between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks. These services include the authentication and secure session establishment which are required to exchange information in a trusted and secure manner. These services are essential for many intelligent transport system (ITS) applications and services, including time-critical safety applications, automated driving, remote management of ITS stations (ISO 24102-2), and roadside/infrastructure-related services.

This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities, i.e.: —     between devices operated as bounded secured managed entities, i.e. "ITS Station Communication Units" (ITS-SCU) and "ITS station units" (ITS-SU) as specified in ISO 21217; and —     between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks. These services include the authentication and secure session establishment which are required to exchange information in a trusted and secure manner. These services are essential for many intelligent transport system (ITS) applications and services, including time-critical safety applications, automated driving, remote management of ITS stations (ISO 24102-2), and roadside/infrastructure-related services.

EN ISO 21177:2024 is classified under the following ICS (International Classification for Standards) categories: 03.220.01 - Transport in general; 35.030 - IT Security; 35.240.60 - IT applications in transport. The ICS classification helps identify the subject area and facilitates finding related standards.

EN ISO 21177:2024 has the following relationships with other standards: It is inter standard links to EN ISO 21177:2023. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

You can purchase EN ISO 21177:2024 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of CEN standards.

Standards Content (Sample)


SLOVENSKI STANDARD
01-junij-2024
Nadomešča:
SIST EN ISO 21177:2023
Inteligentni transportni sistemi - Storitve varovanja postaj ITS za varno
vzpostavitev sej in preverjanje pristnosti med zaupanja vrednimi napravami (ISO
21177:2024)
Intelligent transport systems - ITS station security services for secure session
establishment and authentication between trusted devices (ISO 21177:2024)
Intelligente Verkehrssysteme - Sicherheitsdienste für eine ITS-Station zum sicheren
Aufbau von Sitzungen und zur Authentisierung zwischen vertrauenswürdigen Geräten
(ISO 21177:2024)
Systèmes de transport intelligents - Services de sécurité des stations ITS pour
l’établissement et l’authentification des sessions sécurisées entre dispositifs de
confiance (ISO 21177:2024)
Ta slovenski standard je istoveten z: EN ISO 21177:2024
ICS:
03.220.01 Transport na splošno Transport in general
35.030 Informacijska varnost IT Security
35.240.60 Uporabniške rešitve IT v IT applications in transport
prometu
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN ISO 21177
EUROPEAN STANDARD
NORME EUROPÉENNE
March 2024
EUROPÄISCHE NORM
ICS 03.220.01; 35.240.60; 35.030 Supersedes EN ISO 21177:2023
English Version
Intelligent transport systems - ITS station security services
for secure session establishment and authentication
between trusted devices (ISO 21177:2024)
Systèmes de transport intelligents - Services de Intelligente Verkehrssysteme - Sicherheitsdienste für
sécurité des stations ITS pour l'établissement et eine ITS-Station zum sicheren Aufbau von Sitzungen
l'authentification des sessions sécurisées entre und zur Authentisierung zwischen
dispositifs de confiance (ISO 21177:2024) vertrauenswürdigen Geräten (ISO 21177:2024)
This European Standard was approved by CEN on 6 March 2024.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2024 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 21177:2024 E
worldwide for CEN national Members.

Contents Page
European foreword . 3

European foreword
This document (EN ISO 21177:2024) has been prepared by Technical Committee ISO/TC 204
"Intelligent transport systems" in collaboration with Technical Committee CEN/TC 278 “Intelligent
transport systems” the secretariat of which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by September 2024, and conflicting national standards
shall be withdrawn at the latest by September 2024.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 21177:2023.
Any feedback and questions on this document should be directed to the users’ national standards
body/national committee. A complete listing of these bodies can be found on the CEN website.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the
United Kingdom.
Endorsement notice
The text of ISO 21177:2024 has been approved by CEN as EN ISO 21177:2024 without any modification.

International
Standard
ISO 21177
Second edition
Intelligent transport systems —
2024-03
ITS station security services for
secure session establishment
and authentication between
trusted devices
Systèmes de transport intelligents — Services de sécurité des
stations ITS pour l’établissement et l’authentification des sessions
sécurisées entre dispositifs de confiance
Reference number
ISO 21177:2024(en) © ISO 2024
ISO 21177:2024(en)
© ISO 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
ISO 21177:2024(en)
Contents Page
Foreword .vi
Introduction .vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 2
5 Overview . 4
5.1 General description, relationship to transport layer security (TLS) and relationship to
application specifications .4
5.2 Goals .5
5.3 Architecture and functional entities .5
5.4 Cryptomaterial handles .10
5.5 Session IDs and state .10
5.6 Access control and authorization state .11
5.7 Application level non-repudiation .11
5.8 Service primitive conventions .11
6 Process flows and sequence diagrams .12
6.1 General . 12
6.2 Overview of process flows . 12
6.3 Sequence diagram conventions . 13
6.4 Configure .14
6.5 Start session . 15
6.6 Send data .18
6.7 Send access control PDU .21
6.8 Receive PDU . 22
6.9 Extend session .27
6.9.1 Goals .27
6.9.2 Processing . 28
6.10 Secure connection brokering . 28
6.10.1 Goals . 28
6.10.2 Prerequisites . 28
6.10.3 Overview . 29
6.10.4 Detailed specification . 30
6.11 Force end session. 38
6.12 Session terminated at session layer . 39
6.13 Deactivate . 40
6.14 Secure session example .41
7 Security subsystem: interfaces and data types .43
7.1 General .43
7.2 Access control policy and state .43
7.3 Enhanced authentication . 44
7.3.1 Definition and possible states . 44
7.3.2 States for owner role enhanced authentication .45
7.3.3 State for accessor role enhanced authentication . 46
7.3.4 Use by access control . 46
7.3.5 Methods for providing enhanced authentication .47
7.3.6 Enhanced authentication using SPAKE2 .47
7.4 Extended authentication . 48
7.5 Security Management Information Request . 48
7.5.1 Rationale . 48
7.5.2 General . 49
7.6 Data types . 50

iii
ISO 21177:2024(en)
7.6.1 General . 50
7.6.2 Imports . 50
7.6.3 “Helper” data types . 50
7.6.4 Iso21177AccessControlPdu .51
7.6.5 AccessControlResult .51
7.6.6 ExtendedAuthPdu .51
7.6.7 ExtendedAuthRequest .52
7.6.8 InnerExtendedAuthRequest .52
7.6.9 AtomicExtendedAuthRequest . 53
7.6.10 ExtendedAuthResponse . 53
7.6.11 ExtendedAuthResponsePayload . 53
7.6.12 EnhancedAuthPdu . 53
7.6.13 SpakeRequest . 54
7.6.14 SpakeResponse . 54
7.6.15 SpakeRequesterResponse . 54
7.6.16 SecurityMgmtInfoPdu . 54
7.6.17 SecurityMgmtInfoRequest . 55
7.6.18 EtsiCrlRequest . 55
7.6.19 CertChainRequest . 55
7.6.20 SecurityMgmtInfoResponse. 56
7.6.21 SecurityMgmtInfoErrorResponse . 56
7.6.22 EtsiCrlResponse . 56
7.6.23 EtsiCtlResponse . . . 56
7.6.24 IeeeCrlResponse .57
7.6.25 CertChainResponse . .57
7.6.26 SessionExtensionPdu .57
7.7 App-Sec Interface .59
7.7.1 App-Sec-Configure.request .59
7.7.2 App-Sec-Configure.confirm . 60
7.7.3 App-Sec-StartSession.indication . 60
7.7.4 App-Sec-Data.request. 60
7.7.5 App-Sec-Data.confirm .61
7.7.6 App-Sec-Incoming.request .61
7.7.7 App-Sec-Incoming.confirm.62
7.7.8 App-Sec-EndSession.request . 63
7.7.9 App-Sec-EndSession.indication . 63
7.7.10 App-Sec-Deactivate.request . 63
7.7.11 App-Sec-Deactivate.confirm . 64
7.7.12 App-Sec-Deactivate.indication . 64
7.8 Security subsystem internal interface . 64
7.8.1 General . 64
7.8.2 Sec-AuthState.request . 65
7.8.3 Sec-AuthState.confirm . 65
8 Adaptor layer: interfaces and data types .66
8.1 General . 66
8.2 Data types .67
8.2.1 General .67
8.2.2 Iso21177AdaptorLayerPDU .67
8.2.3 Apdu . 68
8.2.4 AccessControl . 68
8.2.5 TlsClientMsg1 . . . 68
8.2.6 TlsServerMsg1 . 68
8.3 App-AL Interface . 68
8.3.1 App-AL-Data.request . 68
8.3.2 App-AL-Data.confirm . 69
8.3.3 App-AL-Data.indication . . . 69
8.3.4 App-AL-EnableProxy.request .70
8.4 Sec-AL Interface .71

iv
ISO 21177:2024(en)
8.4.1 Sec-AL-AccessControl.request .71
8.4.2 Sec-AL-AccessControl.confirm. 72
8.4.3 Sec-AL-AccessControl.indication . 72
8.4.4 Sec-AL-EndSession.request . 73
8.4.5 Sec-AL-EndSession.confirm. 73
9 Secure session Services .73
9.1 General . 73
9.2 App-Sess interfaces . 73
9.2.1 App-Sess-EnableProxy.request . 73
9.3 Sec-Sess interface .74
9.3.1 Sec-Sess-Configure.request .74
9.3.2 Sec-Sess-Configure.confirm .76
9.3.3 Sec-Sess-Start.indication.76
9.3.4 Sec-Sess-EndSession.indication . 77
9.3.5 Sec-Sess-Deactivate.request . 77
9.3.6 Sec-Sess-Deactivate.confirm . 78
9.4 AL-Sess interface . 78
9.4.1 AL-Sess-Data.request . 78
9.4.2 AL-Sess-Data.confirm . 78
9.4.3 AL-Sess-Data.indication . 78
9.4.4 AL-Sess-EndSession.request . 79
9.4.5 AL-Sess-EndSession.confirm . 79
9.4.6 AL-Sess-ClientHelloProxy.request . 79
9.4.7 AL-Sess-ClientHelloProxy.indication . 80
9.4.8 AL-Sess-ServerHelloProxy.request . 81
9.4.9 AL-Sess-ServerHelloProxy.indication . 81
9.5 Permitted mechanisms . 82
9.5.1 TLS 1.3 . 82
9.5.2 DTLS 1.3 . 83
Annex A (informative) Usage scenarios .84
Annex B (normative) ASN.1 module .92
Annex C (normative) Session extension PDU functional type .93
Annex D (normative) Owner authorization .94
Bibliography .98

v
ISO 21177:2024(en)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 204, Intelligent transport systems, in
collaboration with the European Committee for Standardization (CEN) Technical Committee CEN/TC 278,
Intelligent transport systems, in accordance with the Agreement on technical cooperation between ISO and
CEN (Vienna Agreement).
This second edition cancels and replaces the first edition (ISO 21177:2023), of which it constitutes a minor
revision. The changes are as follows:
— cross-references to RFC 8942 have been updated to RFC 8902 throughout the document;
— information concerning patent(s) required for the implementation of this document has been moved
from the Introduction to the Foreword.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

vi
ISO 21177:2024(en)
Introduction
This document specifies ITS station security services that provide authenticity of the source and
confidentiality and integrity of application activities taking place between trusted devices. The two devices
taking part in a data exchange establish a cryptographically secure session. As part of establishing this
session, each device [or, more precisely, each end entity (EE) which is an application on the device] is sent
one or more digital certificates that are cryptographically bound to the other EE and contain statements,
made by a trusted third party, about the EE’s capabilities, properties and permissions. This allows each EE
to have assurance about the properties of the other EE in the session, and this in turn allows each EE to
make trust and access control decisions about data that the other EE can access, commands that the other
EE can execute, states that the other EE can change, and other types of access that the other EE can request.
In other words, the two EEs establish a trust relationship where each EE is trusted by the other EE to carry
out specific actions, without requiring one EE to allow the other EE to have arbitrary access.
The mechanisms specified in this document allow each EE to establish trusted facts about the other EE.
For these mechanisms to be used, the EE specification needs to include an access control policy, indicating
which properties are required to be known to be true about the other EE for that other EE to be allowed to
carry out particular actions. In other words, this document provides a means to obtain security-relevant
information, but the use of that security-relevant information is to be specified in the specification of the EE.
The trust relation between two devices is illustrated in Figure 1. Two devices cooperate in a trusted way, i.e.
exchange information with optional explicit bi-directional protection.
Figure 1 — Interconnection of trusted devices
According to ISO 21217, an ITS station unit (ITS-SU), i.e. the physical implementation of the ITS station
(ITS-S) functionality, is a trusted device, and an ITS-SU may be composed of ITS station communication units
(ITS-SCUs) that are interconnected via an ITS station-internal network. Thus, an ITS-SCU is the smallest
physical entity of an ITS-SU that is referred to as a trusted device.
[16]
NOTE 1 ISO 21217 fully covers the functionality of EN 302 665, which is a predecessor of ISO 21217.
NOTE 2 An ITS-SU can be composed of ITS-SCUs from different vendors where each ITS-SCU is linked to a different
ITS-SCU configuration and management centre specified in ISO 24102-2 and ISO 17419. Station-internal management
communications between ITS-SCUs of the same ITS-SU are specified in ISO 24102-4. The European C-ITS regulation
refers to the "ITS-SCU configuration and management centre" as "C-ITS station operator" meaning the entity
responsible for the operation of a C-ITS station. The C-ITS station operator can be responsible for the operation of
one single C-ITS station (fixed or mobile), or a C-ITS infrastructure composed of a number of fixed C-ITS stations, or a
number of mobile ITS stations.
Four implementation contexts of communication nodes in ITS communications networks are identified
in the ITS station and communication architecture of ISO 21217, each comprised of ITS-SUs taking on a
particular role: personal, vehicular, roadside or central. These ITS-SUs are ITS-secured communication
nodes as required in ISO 21217 that participate in a wide variety of ITS services related to, for example,
sustainability, road safety and transportation efficiency. See also Figure 2, Figure 3, Figure 4 and Figure 5.
Over the last decade, ITS services have arisen that require secure access to data from sensor and control
networks (SCN), for example, from in-vehicle networks (IVN) and from infrastructure/roadside networks
(IRN), some of which require secure local access to time-critical information; see Figure 2 and Figure 3.

vii
ISO 21177:2024(en)
Key
VMS variable message sign
Figure 2 — Example of a roadside ITS-SU connected with proprietary IRN
Key
ECU electronic control unit
Figure 3 — Example of a vehicle ITS-SU connected with proprietary IVN

viii
ISO 21177:2024(en)
Key
N&T Networking & Transport
Figure 4 — Interconnection of ITS-SCUs in an ITS-SU
Key
N&T Networking & Transport
Figure 5 — Interconnection of ITS-SUs
By applying basic security means specified in this document, the ITS-SUs can establish secure application
sessions. Establishment of sessions either requires prior knowledge about a session partner or can be
achieved by means of a service announcement as specified in ISO 22418. Further on, the broadcasting of
messages is secured by means of authenticating the sender of such a message, applicable for the service
advertisement message (SAM) specified in ISO 16460 and used in ISO 22418. Additionally, other security
means may be applied, e.g. encryption of messages.
A further trust relation in the ITS domain is between an ITS-SU consisting of one or several ITS-SCUs and a
sensor and control network (SCN). Trust is achieved by applying security means in an interface as illustrated
in Figure 6 with details specified in this document.
Key
N&T Networking & Transport
Figure 6 — Interface between ITS-SU and sensor and control network

ix
ISO 21177:2024(en)
The interface presented in Figure 6 may be a stand-alone device, or may be integrated in the ITS-SU, or
may be part of the SCN. Examples of SCNs are "in-vehicle networks" (IVN) and "infrastructure/roadside
networks" (IRN).
Related use cases of these ITS services have largely been derived from regulatory requirements and ITS
operational needs, and they include:
— secure real-time access to time-critical vehicle-related data for safety of life and property applications,
e.g. collision avoidance, emergency electronic brake light and event determination;
— secure local access to detailed real-time data for efficiency applications (traffic management), e.g.
intersection interaction, congestion avoidance and dynamic pr
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...

EN ISO 21177:2024は、信頼されたデバイス間でのセキュアなセッションの確立と認証を目的としたITSステーションセキュリティサービスに関する標準であり、知的交通システム(ITS)の重要な要素を構成しています。このドキュメントは、ITSステーション間での情報交換の信頼性と完全性を保障するために必要な仕様を提供しており、特に「ITSステーションコミュニケーションユニット」(ITS-SCU)および「ITSステーションユニット」(ITS-SU)間の通信において、その重要性が際立っています。 標準の範囲は広く、ITS-SU(複数のITS-SCUで構成)と外部の信頼できるエンティティ、具体的にはセンサーや制御ネットワークとの間の認証を含むセキュアなセッションの確立に必要なサービスが含まれています。このようなサービスは、情報を信頼性の高い安全な方法で交換するために不可欠であり、様々なITSアプリケーションやサービス、特に時間が重要な安全アプリケーション、自動運転、ITSステーションのリモート管理(ISO 24102-2)、および道路脇/インフラ関連サービスにおいて重要です。 EN ISO 21177:2024の大きな強みは、ITSアプリケーションのセキュリティと信頼性を高めるための具体的な手法を提供している点にあります。セキュアなセッションの確立と認証プロセスが明確に定義されることで、様々なステークホルダーの間での情報のやり取りが一層円滑かつ安全に行えるようになります。これにより、ITSの導入や発展が促進され、より安全な交通環境の構築に寄与します。 この標準は、情報通信におけるセキュリティの重要性が高まる中、ITSにおける信頼性と安全性を担保するための基盤を提供しており、今後の技術革新やサービス展開においても極めて関連性が高いと評価できます。

Die Norm EN ISO 21177:2024 bietet einen umfassenden Rahmen für die Sicherheitsdienste von intelligenten Verkehrssystemen (ITS). Ihr Hauptaugenmerk liegt auf der Gewährleistung der Authentizität der Quelle und der Integrität von Informationen, die zwischen vertrauenswürdigen Entitäten ausgetauscht werden. Diese Spezifikationen sind besonders wichtig für den Austausch von Daten zwischen „ITS Station Communication Units“ (ITS-SCU) und „ITS station units“ (ITS-SU), wie es in ISO 21217 definiert ist, sowie zwischen den ITS-SUs und externen vertrauenswürdigen Entitäten wie Sensor- und Steuerungsnetzwerken. Ein herausragendes Merkmal dieser Norm sind die festgelegten Sicherheitsdienste, die für den sicheren Austausch kritischer Informationen unerlässlich sind. Die in der Norm beschriebenen Verfahren zur Authentifizierung und Etablierung gesicherter Sitzungen ermöglichen es, sich als vertrauenswürdige Quelle auszuweisen und die Integrität der übermittelten Daten zu gewährleisten. Diese Eigenschaften sind von zentraler Bedeutung für zahlreiche ITS-Anwendungen, insbesondere für zeitkritische Sicherheitsanwendungen, automatisiertes Fahren sowie das Remote-Management von ITS-Stationen gemäß ISO 24102-2 und für dienstleistungsbezogene Aspekte im Straßen- und Infrastrukturbereich. Die Relevanz der EN ISO 21177:2024 ist beträchtlich, da sie nicht nur die Sicherheitsanforderungen für ITS definiert, sondern auch dazu beiträgt, das Vertrauen in intelligente Verkehrssysteme zu stärken. Durch die Standardisierung von Sicherheitsdiensten stellt diese Norm sicher, dass alle Beteiligten auf einheitliche, sichere Prozesse zugreifen können. Insgesamt stellt die Norm einen essenziellen Beitrag zur Weiterentwicklung und Sicherheit von intelligenten Verkehrssystemen dar.

La norme EN ISO 21177:2024 présente des spécifications cruciales pour les services de sécurité des stations des systèmes de transport intelligents (ITS) afin d'assurer l'authenticité des sources et l'intégrité des informations échangées entre des entités de confiance. Son champ d'application est particulièrement pertinent dans le contexte actuel où la sécurité des données et des communications dans le secteur des transports est primordiale. Cette norme met en avant plusieurs points forts. Tout d'abord, elle définit clairement les services de sécurité nécessaires pour établir des sessions sécurisées et authentiques entre des dispositifs opérés comme des entités sécurisées gérées, telles que les "Units de communication des stations ITS" (ITS-SCU) et les "unités de station ITS" (ITS-SU). La spécification de ces services permet d’établir un cadre robuste pour des échanges d'informations fiables et sécurisés. En outre, l’interconnexion entre les ITS-SUs, qui peuvent inclure plusieurs ITS-SCUs, et des entités de confiance externes, comme les réseaux de capteurs et de contrôle, est essentielle pour garantir la fiabilité des systèmes de transport intelligents. Cette capacité à interagir avec des sources externes tout en maintenant un haut niveau de sécurité est un atout majeur de cette norme. Enfin, la norme EN ISO 21177:2024 est particulièrement pertinente pour diverses applications et services ITS, y compris les applications de sécurité critiques en temps réel, la conduite automatisée, et la gestion à distance des stations ITS (comme l'indique la norme ISO 24102-2). Ainsi, son adoption est indispensable pour garantir un environnement de transport sûr et fiable dans le cadre des évolutions technologiques rapides que connaît ce secteur.

EN ISO 21177:2024 표준은 지능형 교통 시스템(ITS) 내 안전한 세션 설정 및 인증을 위한 ITS 스테이션 보안 서비스에 대한 명세를 담고 있습니다. 이 문서는 신뢰할 수 있는 장치 간에 교환되는 정보의 출처의 진위와 무결성을 보장하기 위해 필요한 다양한 ITS 스테이션 보안 서비스를 정의하고 있습니다. 이 표준의 주요 강점 중 하나는 ITS-SCU(ITS 스테이션 통신 장치)와 ITS-SU(ITS 스테이션 유닛) 간의 안전한 통신을 위한 구체적인 접근 방식을 제공한다는 점입니다. ISO 21217에서 명시한 바와 같이, 이 서비스는 안전한 관리 방식으로 운영되는 확인된 엔터티 간의 상호 작용을 지원하며, 나아가 여러 개의 ITS-SCU로 구성된 ITS-SU와 외부 신뢰할 수 있는 엔티티 간의 정보 교환을 가능하게 합니다. 또한, 이 문서에서 제시된 인증 및 안전한 세션 설정 서비스를 통해 ITS의 여러 응용 프로그램과 서비스, 특히 시간에 민감한 안전 애플리케이션, 자동 운전, ITS 스테이션의 원격 관리(ISO 24102-2) 및 도로변/인프라 관련 서비스에 필수적인 요소가 됩니다. 이러한 보안 서비스는 ITS의 구현을 위한 신뢰성을 높이는 데 기여하며, 전반적으로 지능형 교통 시스템의 안전성을 크게 향상시키는 데 중요한 역할을 합니다. 결론적으로, EN ISO 21177:2024 표준은 ITS 환경에서의 신뢰성 있는 통신과 보안을 보장하기 위한 명확하고 포괄적인 프레임워크를 제공하여, 현대 교통 체계의 발전에 매우 중요한 기준 중 하나로 자리 잡고 있습니다.

The EN ISO 21177:2024 standard provides critical specifications for Intelligent Transport Systems (ITS) focusing on the essential security services needed to establish authentic and secure sessions between trusted devices. The scope of this document encompasses the establishment of secure communication between ITS Station Communication Units (ITS-SCU) and ITS station units (ITS-SU) as defined in ISO 21217, as well as interactions between ITS-SUs and external trusted entities such as sensor and control networks. One of the primary strengths of EN ISO 21177:2024 is its comprehensive approach to authentication and secure session establishment. By outlining specific services designed to ensure the authenticity of sources and the integrity of exchanged information, the standard significantly enhances the reliability and security of communication within Intelligent Transport Systems. This is particularly crucial in the context of time-critical safety applications and automated driving, where any lapse in data integrity could lead to dire consequences. Moreover, the document's emphasis on secure communications for remote management of ITS stations aligns with the growing trend toward more automated and efficient transport infrastructures. The relevance of these services is underscored by their application across various ITS services, including roadside and infrastructure-related services that mandate trusted interactions between multiple entities. Overall, the EN ISO 21177:2024 standard is pivotal for professionals involved in the development and implementation of intelligent transport systems. Its specifications not only reinforce the importance of security in trusted device communications but also facilitate advancements in the ecosystem of automated transportation solutions. The standard effectively addresses the increasing demands for secure data integrity and reliable authentication, making it a foundational document in the realm of ITS security services.

This May Also Interest You

CEN
EN ISO 23696-2:2025(Main)
Water quality - Determination of nitrate in water using small-scale sealed tubes - Part 2: Chromotropic acid colour reaction (ISO 23696-2:2023)
oSIST prEN ISO 23696-2:2025

This document specifies a method for the determination of nitrate as NO3-N in water of various origin such as natural water (including groundwater, surface water and bathing water), drinking water and wastewater, in a measuring range of concentration between 0,20 mg/l and 30 mg/l of NO3-N using the small-scale sealed tube method. Different measuring ranges of small-scale sealed tube methods can be required.
The measuring ranges can vary depending on the type of the small-scale sealed tube method of different manufacturers.
It is up to the user to choose the small-scale sealed tube test with the appropriate application range or to adapt samples with concentrations exceeding the measuring range of a test by preliminary dilution.
NOTE 1   The results of a small-scale sealed tube test are most precise in the middle of the application range of the test.
Manufacturers' small-scale sealed tube methods are based on chromotropic colour reaction, depending on the typical operating procedure of the small-scale sealed tube used, see Clause 9.
NOTE 2      Laws, regulations or standards can require that the data is expressed as NO3 after conversion with the stoichiometric conversion factor 4,426 81 in Clause 11.
NOTE 3   In the habitual language, use of sewage treatment and on the displays of automated sealed-tube test devices, NO3 without indication of the negative charge has become the common notation for the parameter nitrate and especially for the parameter nitrate-N. This notation is adopted in this document even though not being quite correct chemical nomenclature.

  • Draft
    13 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 18243:2025(Main)
Electrically propelled mopeds and motorcycles - Test specifications and safety requirements for lithium-ion battery systems (ISO 18243:2025)
kSIST FprEN ISO 18243:2025

This document specifies the test procedures for lithium-ion battery packs and systems used in electrically propelled mopeds and motorcycles.
The specified test procedures enable the user of this document to determine the essential characteristics on performance and safety of lithium-ion battery packs and systems. It is also possible to compare the test results achieved for different battery packs or systems.
This document enables setting up a dedicated test plan for an individual battery pack or system subject to an agreement between customer and supplier. If required, the relevant test procedures and/or test conditions of lithium-ion battery packs and systems are selected from the standard tests provided in this document to configure a dedicated test plan.
NOTE 1        Electrically power-assisted cycles (EPAC) cannot be considered as mopeds. The definition of electrically power-assisted cycles can differ from country to country. An example of definition can be found in Reference [7].
NOTE 2        Testing on cell level is specified in the IEC 62660 series.

  • Draft
    52 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 71-20:2025(Main)
Safety of toys - Part 20: Microbiological safety of toys containing accessible aqueous media
kSIST FprEN 71-20:2025

This document specifies microbiological cleanliness and preservative efficacy requirements for accessible aqueous media in toys.
The requirements in this document apply to all toys that are, contain or are supplied with accessible aqueous materials (e.g. paste, putty, finger paint, liquid or gel).
The cleanliness and preservation effectiveness requirements are applicable to a toy as it is initially received by the consumer, in an unopened and undamaged container. This document does not apply to a toy that has been used, has had its packaging opened or is otherwise compromised in a way that would introduce microbiological contamination.
This document does not apply to toys and samples which are post-consumer use, since the microbiological limits are inappropriate given, there is no way to establish what conditions the toys have been subject to before testing.
This document does not apply to:
-   materials that are inaccessible during normal use or after reasonably foreseeable abuse;
-   food;
-   cosmetics;
-   components of toys covered by EN 71-13 where;
-   the component is in scope of the Cosmetic Products Regulation (i.e. Regulation (EC) No 1223/2009 [13];
-   the component comprises only recognized food flavours and food ingredients (see relevant legislation, for example Regulation (EC) No 178/2002 [16] ("general food law"), Regulation (EC) No 1334/2008 [15] (flavours), Regulation (EC) No 1333/2008 [14], Commission Regulation (EU) No 231/2012 [18] (food additives) and Regulation (EU) No 1169/2011 (food information to consumers)[17]);
-   experimental sets covered by EN 71-4.
NOTE   Play cosmetics, that are only for use on the toy (e.g. makeup products only for a doll), are not excluded.

  • Draft
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 4315:2025(Main)
Aerospace series - Heat-resisting alloy X6NiCrTiMoV26-15 (1.4980) - Consumable electrode remelted - Solution treated and precipitation treated - Bars and sections - a or D ≤ 100 mm - Rm ≥ 900 MPa
kSIST FprEN 4315:2025

This document specifies the requirements relating to:
Heat-resisting alloy X6NiCrTiMoV26-15 (1.4980)
Consumable electrode remelted
Solution treated and precipitation treated
Bars and sections
a or D ≤ 100 mm
Rm ≥ 900 MPa
for aerospace applications.
W.nr: 1.4980.
ASD-STAN designation: FE-PA2601.

  • Draft
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 13126-10:2025(Main)
Building hardware - Hardware for windows and door height windows - Requirements and test methods - Part 10: Arm-balancing systems
kSIST FprEN 13126-10:2025

This document specifies requirements and test methods for durability, strength, security and function for arm-balancing systems for windows and door height windows - see Annex C.

  • Draft
    14 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 4318:2025(Main)
Aerospace series - Heat-resisting alloy X6NiCrTiMoV26-15 (1.4980) - Consumable electrode remelted - Solution treated and precipitation treated - Bars and sections - De ≤ 100 mm - Rm ≥ 960 MPa
kSIST FprEN 4318:2025

This document specifies the requirements relating to:
Heat-resisting alloy X6NiCrTiMoV26-15 (1.4980)
Consumable electrode remelted
Solution treated and precipitation treated
Bars and sections
De ≤ 100 mm
Rm ≥ 960 MPa
for aerospace applications.
W.nr: 1.4980.
ASD-STAN designation: FE-PA2601.

  • Draft
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 9276:2025(Main)
Aerospace series - Programme management - Recommendations for the implementation of the integrated logistic support
kSIST FprEN 9276:2025

The purpose of this document is to:
—   identify and describe, in a structured way, the principles of the integrated logistic support (ILS) activities and tasks for the main types of stakeholders in the system life cycle, from the expression of need to disposal;
—   place the activities, tasks and ILS deliverables within the programme execution;
—   identify the main selection and sizing of activities and tasks criteria according to the nature and the requirements of the programme;
—   control the relations with the other aspects of programme management.
This document covers the following subjects:
—   management of ILS (definition, implementation and running of the processes);
—   expression of the support requirements;
—   elaboration of the contracts (e.g. for development, maintenance, supply);
—   implementation of the tasks and processes.
This document is also related to the following subjects:
—   relations with costs and lead times control, configuration management, performance and RAMS management, quality assurance, documentation management;
—   regulations (e.g. information system security, export controls, safety at work);
—   human and organizational factors (HOF);
—   environment (e.g. RoHS, REACh);
—   information systems (IS) and the links between them;
—   logistics information systems (LIS);
—   in-service support (ISS) activities;
—   configuration management of ILS objects;
—   life cycle.
The following stakeholders are concerned by ILS:
—   users in the broadest sense: operators, maintenance operators, administrators, dismantlers of the system, trainers;
—   the customer, who:
—   prepares technical and contractual specifications of need with which the system will comply;
—   sets up the funding of the programme;
—   oversees the realization and commissioning of the main system and of the support system;
—   facilitates the feedback.
NOTE 1   At the highest level of the system, the customer can also be referred to as the “project owner”.
NOTE 2   The “main system” can also be referred to as the “system of interest”.
—   the supplier(s) who deliver a system (main and support) to the customer, which meets the performance specifications on time and for the agreed cost, throughout the system life cycle;
NOTE 3   At the highest level of the system, the supplier can also be referred to as the “industrial prime contractor”.
—   the regulatory authorities that supervise and approve the support processes and equipment, as needed.
The principles laid down in this document can be applied, after adaptation, to all the customer/supplier relations resulting from the breakdown of the main contract into sub-contracts.

  • Draft
    40 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 4314:2025(Main)
Aerospace series - Heat-resisting alloy X4NiCrTiMoV26-15 (1.4680) - Consumable electrode remelted - Not heat treated - Forging stock - a or D ≤ 250 mm
kSIST FprEN 4314:2025

This document specifies the requirements relating to:
Heat-resisting alloy X4NiCrTiMoV26-15 (1.4680)
Consumable electrode remelted
Not heat treated
Forging stock
a or D ≤ 250 mm
for aerospace applications.
W.nr: 1.4680.
ASD-STAN designation: FE-PA2602.

  • Draft
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 13126-12:2025(Main)
Building hardware - Hardware for windows and door height windows - Requirements and test methods - Part 12: Side hung projecting reversible hardware
kSIST FprEN 13126-12:2025

This document specifies requirements and test methods for durability, strength, security and function for side hung projecting reversible hardware for windows and door height windows.
NOTE   This document is applicable to side hung projecting reversible hardware whether fitted with integral restrictors or not. Where any restrictor is used it is intended to be tested in accordance with EN 13126-5.

  • Draft
    16 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 18097:2025(Main)
Hydrometry - Measurement of precipitation intensity - Metrological requirements and test methods for non-catching type rain gauges
kSIST FprEN 18097:2025

This document considers liquid atmospheric precipitation (rain) and defines the procedures and equipment to perform laboratory tests, in steady-state conditions, for the calibration, check and metrological confirmation of non-catching rainfall measurement instruments. This document is not applicable to field performance.
It provides a classification of non-catching measurement instruments based on their laboratory performance. The classification does not relate to the physical principle used for the measurement, nor does it refer to the technical characteristics of the instrument assembly but is solely based on the instrument calibration.
Attribution of a given class to an instrument is not intended as a high/low ranking of its quality but rather as a quantitative standardized method to declare the achievable measurement accuracy to provide guidance on the suitability for a particular purpose, while meeting the user’s requirements.

  • Draft
    14 pages
    English language
    sale 10% off
    e-Library read for
    1 day