ETSI TS 102 731 V1.1.1 (2010-09)

Technical Specification
Intelligent Transport Systems (ITS);
Security;
Security Services and Architecture

2 ETSI TS 102 731 V1.1.1 (2010-09)

Reference
DTS/ITS-0050001
Keywords
ITS, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2010.
All rights reserved.
TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
LTE™ is a Trade Mark of ETSI currently being registered
for the benefit of its Members and of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
3 ETSI TS 102 731 V1.1.1 (2010-09)

Contents
Intellectual Property Rights . 6
Foreword . 6
1 Scope . 7
2 References . 7
2.1 Normative references . 7
2.2 Informative references . 7
3 Definitions and abbreviations . 8
3.1 Definitions . 8
3.2 Abbreviations . 9
4 Purpose of the Present Document . 9
5 Refinement of Countermeasures . 10
6 ITS Communications Security Architecture . 14
6.1 Overview . 14
6.2 ITS Authoritative Hierarchy . 16
6.2.1 Overview . 16
6.2.2 Manufacturer . 16
6.2.3 Enrolment Authority . 16
6.2.4 Authorization Authority . 17
6.2.5 Trust Assumptions . 18
6.2.5.1 Trust Assumptions in normal operation . 18
6.2.5.2 Compromised ITS-S. 19
6.2.5.3 Compromised Authorities . 19
6.3 ITS Security Parameter Management . 19
6.3.1 Identities and Identifiers in ITS . 19
6.3.1.1 Authorization and privacy with authorization tickets . 20
6.3.1.1.1 Personal user vehicles . 20
6.3.1.1.2 Official role vehicles and infrastructure . 20
6.3.1.2 Authorization tickets and cryptography for personal user vehicles and official role users . 20
6.4 ITS Message Communication Models . 21
6.4.1 Overview . 21
6.4.2 Individual public messages . 21
6.4.3 Individual private messages . 21
6.4.4 Security Associations . 21
7 ITS Security Services . 22
7.1 Enrolment Credentials . 22
7.1.1 Obtain Enrolment Credentials. 22
7.1.1.1 Functional model . 22
7.1.1.1.1 Functional model description . 22
7.1.1.1.2 Description of functional entities . 23
7.1.1.2 Information flows . 23
7.1.1.2.1 Definition of information flows . 23
7.1.2 Update Enrolment Credentials . 26
7.1.2.1 Functional model . 26
7.1.2.1.1 Functional model description . 26
7.1.2.1.2 Description of functional entities . 27
7.1.2.2 Information flows . 27
7.1.2.2.1 Definition of information flows . 27
7.1.2.2.2 Examples of information flow sequences . 28
7.1.3 Remove Enrolment Credentials . 29
7.1.3.1 Functional model . 29
7.1.3.1.1 Functional model description . 29
7.1.3.1.2 Description of functional entities . 30
ETSI
4 ETSI TS 102 731 V1.1.1 (2010-09)

7.1.3.2 Information flows . 30
7.1.3.2.1 Definition of information flows . 30
7.1.3.2.2 Examples of information flow sequences . 31
7.2 Authorization Tickets . 32
7.2.1 Functional model . 32
7.2.1.1 Functional model description . 32
7.2.1.2 Description of functional entities . 33
7.2.1.2.1 ITS Station Agent . 33
7.2.1.2.2 A-Ticket Distributor . 33
7.2.1.2.3 Enrolment Credentials Verifier . 33
7.2.1.2.4 ITS Network Agent . 33
7.2.1.2.5 ITS Authorization Status Manager . 34
7.2.2 Obtain Authorization Tickets service . 34
7.2.2.1 Information flows . 34
7.2.2.1.1 Definition of information flows . 34
7.2.3 Update Authorization Tickets . 36
7.2.3.1 Functional model . 36
7.2.3.1.1 Functional model description . 36
7.2.3.2 Information flows . 36
7.2.3.2.1 Definition of information flows . 36
7.2.4 Publish Authorization Status. 38
7.2.4.1 Information flows . 38
7.2.4.1.1 Definition of information flows . 38
7.2.5 Update Local Authorization Status Repository. 40
7.2.5.1 Information flows . 40
7.2.5.1.1 Definition of information flows . 40
7.3 Security Associations . 42
7.3.1 Model . 42
7.3.1.1 Functional model . 43
7.3.1.1.1 Functional model description . 43
7.3.1.1.2 Description of functional entities . 43
7.3.2 Establish Security Association . 44
7.3.2.1 Information flows . 44
7.3.2.1.1 Definition of information flows . 44
7.3.3 Update security association. 50
7.3.3.1 Information flows . 50
7.3.3.1.1 Definition of information flows . 50
7.3.4 Send Secured Message . 54
7.3.5 Receive Secured Message . 54
7.3.6 Remove security association . 54
7.3.6.1 Information flows . 54
7.3.6.1.1 Definition of information flows . 54
7.4 Single message services . 56
7.4.1 Authorize Single Message . 56
7.4.2 Validate Authorization on Single Message . 56
7.4.3 Encrypt Single Message . 56
7.4.3.1 Overview . 56
7.4.4 Decrypt Single Message . 56
7.4.4.1 Overview . 56
7.5 Integrity services . 56
7.5.1 Calculate Check Value . 56
7.5.2 Validate Check Value . 56
7.5.3 Insert Check Value. 57
7.6 Replay Protection services . 57
7.6.1 Replay Protection Based on Timestamp . 57
7.6.2 Replay Protection Based on Sequence Number . 57
7.7 Accountability services . 57
7.7.1 Record Incoming Message in Audit Log . 57
7.7.2 Record outgoing message in Audit Log . 57
7.8 Plausibility validation . 57
7.8.1 Validate Data Plausibility . 57
7.9 Remote management . 58
ETSI
5 ETSI TS 102 731 V1.1.1 (2010-09)

7.9.1 Functional model . 58
7.9.1.1 Functional model description . 58
7.9.1.1.1 Description of functional entities . 58
7.9.2 Activate ITS transmission . 59
7.9.2.1 Information flows . 59
7.9.2.1.1 Remote Activate Transmission . 59
7.9.2.1.2 Activate Transmission . 59
7.9.2.1.3 Transmission Activation . 60
7.9.2.1.4 Examples of information flow sequences . 60
7.9.3 Deactivate ITS transmission . 61
7.9.3.1 Information flows . 61
7.9.3.1.1 Definition of information flows . 61
7.10 Report Misbehaving ITS-S . 63
7.10.1 Report misbehaviour . 63
7.10.1.1 Functional model . 63
7.10.1.1.1 Functional model description . 63
7.10.1.1.2 Description of functional entities . 64
7.10.1.2 Information flows . 64
7.10.1.2.1 Definition of information flows . 64
Annex A (informative): Bibliography . 67
History . 68

ETSI
6 ETSI TS 102 731 V1.1.1 (2010-09)

Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI Web server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No
guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the
ETSI Web server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Intelligent Transport System (ITS).
ETSI
7 ETSI TS 102 731 V1.1.1 (2010-09)

1 Scope
The present document specifies mechanisms at the stage 2 level defined by ETS 300 387 [i.2] for secure and
privacy-preserving communication in ITS environments. It describes facilities for credential and identity management,
privacy and anonymity, integrity protection, authentication and authorization.
The mechanisms are specified as stage 2 security services according to the 3 stage method described in
ETS 300 387 [i.2], and identify the functional entities and the information flow between them. The stage 2 security
services will be refined into a number of security protocols as part of the stage 3 specifications. There may be several
security protocols able to fulfil the requirements of a security services.
The present document describes the stage 2 security architecture of the ETSI Intelligent Transport System (ITS). The
stage 2 security architecture and security services shall be used as the basis for further developing the ITS security
architecture by mapping the security services and its functional components to the ITS architecture [i.7]. This mapping
is part of stage 3 specifications.
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
reference document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are necessary for the application of the present document.
Not applicable.
2.2 Informative references
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] ETSI TR 102 893: "Intelligent Transport Systems (ITS); Security; Threat, Vulnerability and Risk
Analysis (TVRA)".
[i.2] ETSI ETS 300 387: "Private Telecommunication Network (PTN); Method for the specification of
basic and supplementary services".
[i.3] United Nations General Assembly resolution 217 A (III) 10 December 1948: "Universal
Declaration of Human Rights".
[i.4] Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning
the processing of personal data and the protection of privacy in the electronic communications
sector (Directive on privacy and electronic communications).
[i.5] COM 96/C 329/01: "European Union Council Resolution of 17 January 1995 on the Lawful
Interception of Telecommunications".
[i.6] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free movement
of such data.
ETSI
8 ETSI TS 102 731 V1.1.1 (2010-09)

[i.7] ETSI EN 302 665: "Intelligent Transport Systems (ITS); Communications Architecture".
[i.8] ITU-T Recommendation I.130: "Method for the characterization of telecommunication services
supported by an ISDN and network capabilities of an ISDN".
[i.9] ISO/IEC 15408: "Information technology - Security techniques - Evaluation criteria for IT
security".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
authorization authority: security management entity responsible for issuing, monitoring the use of and withdrawing
authorization tickets
authorization ticket: data object that demonstrates that the valid holder is entitled to take specific actions
NOTE: In the present document, "authorization ticket" is reserved for data objects used in message exchanges
between ITS Stations and does not refer to data objects used in message exchanges between an ITS
Station and a security management entity.
canonical identity: identifier unique to a particular ITS-S that persists throughout the lifetime of the ITS-S and can be
presented to an enrolment authority when the ITS-S requests enrolment credentials
enrolment authority: security management entity responsible for the life cycle management of enrolment credentials
enrolment credential: data object that is used in message exchanges between an ITS Station and a security
management entity and demonstrates that the valid holder is entitled to apply for authorization tickets
enrolment domain: scope of authority of an enrolment authority; the conditions under which an enrolment authority's
enrolment credentials are valid
EXAMPLE: A domain might be a country, a region within that country, multiple countries; or another
grouping, such as all vehicles made by a particular OEM.
identity: See canonical identity.
official role vehicle: vehicle whose ITS-S is claiming privileges due to its having a particular role
EXAMPLE: Emergency response vehicles, public transit vehicles, or maintenance vehicles.
personal user vehicle: vehicle that is not an official role vehicle
pseudonym: alias identity within the context of the Pseudonymity service defined in ISO/IEC 15408 [i.9]
security management entity: entity within the ITS system that is responsible for issuing, supervising the use of and if
necessary, withdrawing security material
NOTE: In the present document, the security management entities are enrolment authorities and authorization
authorities.
security material: data objects such as authorization tickets, enrolment credentials, and keys, that are used by an ITS-S
to ensure the correct operation of security services
security mechanism: process (or a device incorporating such a process) that can be used in a system to implement a
security service that is provided by or within the system
security policy: set of rules and practices that specify or regulate how a system or organization provides security
services to protect resources
ETSI
9 ETSI TS 102 731 V1.1.1 (2010-09)

security service: processing or communication capability that is provided by a system to give a specific kind of
protection to resources where these resources may reside within the system or any other system
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
BSA Basic Set of Applications
CAM Cooperative Awareness Message
DEN Decentralized Environmental Notification
IAAA Identification, Authentication, Authorization, Accountability
ITS Intelligent Transport System
ITS-S ITS Station
OEM Original Equipment Manufacturer
O-UAT Official role user Universal Authorization Ticket
P-BAT Personal User Broadcast Authorization Ticket
PKI Public Key Infrastructure
P-UAT Personal User Unicast Authorization Ticket
SA Security Association
SAID SA identifier
TVRA Threat, Vulnerability and Risk Analysis
4 Purpose of the Present Document
ETSI has developed a Threat, Vulnerability, Risk Analysis (TVRA) and a supportive database eTVRA with the aim of
making better security standards. TVRA is directly related to the ITU-T Recommendation I.130 [i.8] 3 stage standards
development method described in ETS 300 387 [i.2]. Figure 1 shows the mapping of TVRA to the 3 stages approach.
TVRA consist of seven steps, where step 1 provides security objectives, which aligns to stage 1 according to the
3 stages approach. TVRA step 2 provides security functional requirements, which aligns to stage 2, and TVRA step 7
provides detailed security requirements, which aligns to stage 3. TVRA steps 4, 5 and 6 provide proof that links the
detailed security requirements to the security requirements and security objectives, documenting the argumentation for
that the detailed security requirements or stage 3 specifications fulfil the security objectives and security requirements
or the stage 1 and 2 specifications. TVRA steps 1, 2 and 7 results are fed directly into the relevant standards documents,
while the results from TVRA steps 4, 5 and 6 are documented separately in a TVRA document (usually a TR).
The present document provides stage 2 descriptions of the security services and security architecture of the ETSI
Intelligent Transport System (ITS). These are abstract in that they identify the main functional components and the
information flow between them. These functional entities have in the present document been mapped to the stage 2
security architecture. The stage 2 architecture is a provisional architectural description that shall be refined in stage 3
into the ITS security architecture.
Stage 2 specifications are only intended as the basis for stage 3 specifications, and do not represent deployment and
implementation details. Stage 3 specifications should be used for those purposes.
ETSI
10 ETSI TS 102 731 V1.1.1 (2010-09)

TTVVRRAA II--130130
SSttepep 1 1:: SSecuecurriityty O Obbjjeectictivveses
StStaaggee 1 1
SSttepep 2 2:: SSecuecurriityty F Fuunnccttiioonnalal
StStaaggee 2 2
RReeqquuiirrememenenttss ( (CCoouunntterermmeaseasuurre e
ffrramamewewoorrkk))
TVRTVRAA D Dooccuummeenntt
SStteepp 3 3:: AAsssseett In Invevennttoryory
TTVVRARA do doccuummeent nt iiss us useedd t too l liinnkk t thhee
SSttepep 4 4:: I Iddenenttiiffyy VVuullnnererababiilliittiieess,, oobbjjectectiivveses an andd ffuunncctitioonnalal r reeqquuiirrememenentsts
TThhrreateatss an andd UUnnwwaanntteedd I Innciciddeennttss toto th the de deetaitailleded s secuecurriityty r reeqquuiirrememenentsts.
TThhisis m meaneanss th that that the e TTVVRRAA ddoocucummeenntt
SStteepp 5: 5: QQuuantantiiffyy L Liikkeelliihohoodod and and
coconnttaiainnss th the e arargguummeennttatiatioonn f foorr w whhyy th the e
IImmppactact
ddeetaitailleedd s secuecurriityty r reeqquuiirrememenenttss arare e
SStteepp 6: 6: E Essttaabliblisshh R Riisskkss apappprroopprriiate sate soolluutitioonnss toto th the oe obbjjectiectivveses
anandd f fuunncctitioonnalal r reeqquuiirrememenentsts.
SSttepep 77:: D Deetaitailleedd S Secuecurriityty
StStaaggee 3 3
RReeqquuiirrememenenttss
Figure 1: Mapping TVRA to the 3 stages approach
as defined in ITU-T Recommendation I.130 [i.8]
5 Refinement of Countermeasures
The general ITS G5A security model is based upon the fundamental principles and assumptions described in
TR 102 893 [i.1] and copied below:
1) An ITS-S communicates with the ITS infrastructure when such infrastructure is within 5,9 GHz radio range.
NOTE: The radio characteristics of V2V and V2I are identical and the present document does not identify means
to distinguish between a station representing an infrastructure and a station representing another vehicle.
2) An ITS-S authenticates itself to the ITS infrastructure using an authoritative identifier which may be issued by
a regulatory authority and is either:
- permanently embedded in the ITS-S hardware; or
- held in any other persistent and tamper-proof carrier.
3) Upon successful authentication, an ITS-S is given a pseudonym which it uses to identify itself in all
communications with other ITS stations.
4) The quality and stability of any software installed on an ITS-S has been validated by the ITS authority before
it is installed.
The countermeasures identified in the TR 102 893 [i.1] are implemented by a number of ITS security services which
fall into two distinct categories:
1) changes to one or several component parts of the ITS architecture; and
2) the addition of new functionality (entities), including security services to single or several components or parts
of the ITS architecture.
ETSI
11 ETSI TS 102 731 V1.1.1 (2010-09)

Table 1 summarizes the countermeasures and the security services required within an ITS-S to effect them. Security
services identified in the table as "First Level" are those that are invoked directly by applications or other components
or layers in the ITS Basic Set of Applications (BSA). Services identified as "Lower Level" are those that are invoked by
other security services. Line items in table 1 which are "greyed" out are not defined in the present document as they do
not lead to distinct security services but may be addressed by configuration of the ITS protocol stack or system.
Table 1: Countermeasures and related security services
Countermeasure Security Services
First Level Lower Level Data Accessed
Reduce frequency of repeated
messages (note 2)
Include pseudonym in all V2V Pseudonym Validation
messages
Require an ITS-S to be Obtain Enrolment Security Parameters
authorized by an ITS authority Credentials (Authentication Keys)
before its messages are
accepted by the ITS system
Limit message traffic to V2I/I2V Obtain Enrolment Security Parameters
where possible Credentials (Authentication Keys)
Authorization Policy Database, Security
Parameters (Authorization
Ticket)
Establish Security Association Security Parameters
(Pseudonym,
Encryption Keys)
Send Secured Message Encrypt Outgoing Message Security Parameters
(Pseudonym,
Encryption Key)
Authenticate Outgoing Security Parameters
Message (Pseudonym,
Authentication Key)
Receive Secured Decrypt Incoming Message Security Parameters
Message (Encryption Key)
Validate Authentication on Security Parameters
Incoming Message (Pseudonym,
Authentication Key)
Update Security Remove Security Association Security Parameters
Association (Pseudonym,
Encryption Key)
Establish Security Association Security Parameters
(Pseudonym,
Encryption Key)
Remove Enrolment Authorization Policy Database, Security
Credentials Parameters (Authorization
Ticket)
Remove Security Association Security Parameters
(Pseudonym,
Encryption Key)
Implement frequency agility
within the 5,9 GHz band
(note 2)
Alternative communications
path for security management
purposes (note 2)
ETSI
12 ETSI TS 102 731 V1.1.1 (2010-09)

Countermeasure Security Services
First Level Lower Level Data Accessed
Implement plausibility validation Validate Data Plausibility Validate Dynamic Parameters LDM
on incoming information
Validate Timestamp
Validate Sequence Number
Include a non cryptographic Insert Check Value Calculate Check Value
checksum of the message in Validate Check Value Calculate Check Value
each message sent (note 1)
Use broadcast time (Universal Timestamp Message
Coordinated Time - UTC - or
Validate Timestamp
GPS) to timestamp all
messages
Include a sequence number in Insert Sequence Number
each new message
Validate Sequence Number
Software authenticity and
integrity are certified before it is
installed (note 2)
Include an authoritative identity Validate pseudonym Security Parameters
in each message and (Authentication Keys)
authenticate it
Encrypt the transmission of Send Encrypted Data Encrypt Outgoing Message Security Parameters
personal and private data (Encryption Keys)
Process Received Decrypt Incoming Message Security Parameters
Encrypted Data (Encryption Keys)
Use hardware-based identity
and protection of software on
an ITS-S (note 2)
Add an audit log to ITS stations Update Audit Log Record Incoming ITS Audit Logs
to store the type and content of Messages
each message sent to and from
Record Outgoing ITS Audit Logs
an ITS-S Messages
Digitally sign each message Sign Outgoing Message Generate Signature Security Parameters
using a Kerberos/PKI-like token (Certificate, Keys)
Authorization Policy database,
Security Parameters
(Authorization Ticket)
Verify Incoming Signed Verify Signature Security Parameters
Message (Certificate, Keys)
Authorization Policy database,
Security Parameters
(Certificate Status
Information)
Use a pseudonym that cannot Obtain Enrolment Identification (authoritative Security Parameters
be linked to the true identity of Credentials identity provider) (Pseudonym,
either the user or the user's Encryption Key)
vehicle remove Enrolment Identification (authoritative Security Parameters
Credentials identity provider) (Pseudonym,
Encryption Key)
Allow remote activation and ITS-S Remote Authorization Policy Database
deactivation of ITS-S Management
Deactivate ITS Transmission Security Parameters
Report Misbehaving ITS-S (Authorization Ticket)
Activate ITS Transmission Security Parameters
(Authorization Ticket)
Report Misbehaviour Security Parameters
(Authorization Ticket)
NOTE 1: The use of checksums and Cyclic Redundancy Checks is only effective at the ITS protocol layers below the
Application and Network layers where a check value can easily be recalculated and inserted in a false or
manipulated message.
NOTE 2: Items which are "greyed" out are not defined in the present document but may be addressed in other parts of
the ETSI ITS standardisation programme.

ETSI
13 ETSI TS 102 731 V1.1.1 (2010-09)

For the sake of convenience, the security services identified in table 1 have been grouped according to the security
service they provide from the Confidentiality Integrity Availability model in … and by function, as shown in table 3.
Table 2: Identified security service mapped to CIA paradigm
Confidentiality Integrity Availability
Include source address in all V2V messages  X
Require an ITS-S to be authorized by an ITS authority before its messages are X
accepted by the ITS system
Limit message traffic to V2I/I2V where possible  X
Implement plausibility validation on incoming information X X
Include a non cryptographic checksum of the message in each message sent X
Use broadcast time (Universal Coordinated Time - UTC - or GPS) to timestamp  X
all messages
Include a sequence number in each new message  X
Include an authoritative identity in each message and authenticate it  X
Encrypt the transmission of personal and private data X
Add an audit log to ITS stations to store the type and content of each message X
sent to and from an ITS-S
Digitally sign each message using a Kerberos/PKI-like token X X
Use a pseudonym that cannot be linked to the true identity of either the user or X
the user's vehicle
Allow remote activation and deactivation of ITS-S  X

The bulk of the availability measures can be further broken down into classifications of Identification, Authentication
and Authorisation.
Table 3: ITS security service grouping
Security Service Group Security Service at Tx Security service at Rx
Enrolment Obtain Enrolment Credentials
Remove Enrolment Credentials
Update Enrolment Credentials
Authorisation Add authorisation credential to
single message
Obtain Authorization Ticket
Validate authorisation
credential of received message
Update Authorization Ticket
Security Association management Establish Security Association Establish Security Association
Remove Security Association Remove Security Association
Update Security Association Update Security Association
Authentication services Authenticate ITS user Authenticate ITS user
Authenticate ITS network Authenticate ITS network

Confidentiality services Encrypt single outgoing
message
Decrypt single incoming
message
Send secured message
Receive secured message
Integrity services Insert check value
Validate check value
Calculate check value
ETSI
14 ETSI TS 102 731 V1.1.1 (2010-09)

Security Service Group Security Service at Tx Security service at Rx
Replay Protection services Timestamp message
Validate timestamp
Insert sequence number
Validate sequence number
Insert challenge
Use received challenge
Validate use of challenge
Accountability services Record incoming message
Record outgoing message
...