ETSI TR 103 630 V1.1.1 (2020-11)
Intelligent Transport Systems (ITS); Security; Pre-standardization Study on ITS Facility Layer Security for C-ITS Communication Using Cellular Uu Interface
TECHNICAL REPORT
Reference
DTR/ITS-00551
Keywords
ITS, security
Contents
Intellectual Property Rights
Foreword
Modal verbs terminology
Introduction
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definition of terms, symbols and abbreviations
3.1 Terms
3.2 Symbols
3.3 Abbreviations
4 Background
4.1 ITS architecture and wide-area cellular communications for ITS
4.1.1 ITS station architecture
4.1.2 Wide-area Communications for ITS Applications through Mobile Cellular Networks
4.2 ITS Application Use Cases Supported by Wide-area Cellular Communications and Security Requirements
4.3 Related ETSI ITS Standards
4.4 Solutions for secure ITS communications using wide-area cellular communications
4.4.1 ITS security at GeoNetworking layer
4.4.2 ITS security at Facilities layer
4.4.3 Transport layer security for IP based ITS communications
4.4.4 ISO/DTS 21177 ITS-station security services for secure session establishment and authentication between trusted devices
5 Gap analysis of ETSI ITS standards to enable ITS security at the facilities layer
5.1 Security Entity
5.1.1 ETSI TS 102 940 ITS communication security architecture and security management
5.1.1.1 Scope of the standard
5.1.1.2 Identified gaps and proposed standardization activities
5.1.1.2.1 Missing wide-area communications in ITS applications communication characteristics description
5.1.1.2.2 Placement of security services "Authorize Single Message" and "Validate Authorization on Single Message" at the facilities layer
5.1.1.2.3 The role of central ITS station in ITS security function model
5.1.1.2.4 Pseudonym identity management for ITS stations using wide-area cellular communication
5.1.1.2.5 Communication between vehicle ITS station and central ITS station in PKI architecture illustration
5.1.2 ETSI TS 102 941 Trust and Privacy Management
5.1.2.1 Scope of the standard
5.1.2.2 Identified gaps and proposed standardization activities
5.1.2.2.1 ITS-S is limited to "Single-hop and relayed broadcast message"
5.1.3 ETSI TS 103 097 Security header and certificate formats
5.1.3.1 Scope of the standard
5.1.3.2 Identified gaps and proposed standardization activities
5.2 Facilities Layer Standards
5.2.1 ETSI EN 302 637-3 Specifications of Decentralized Environmental Notification Basic Service
5.2.1.1 Scope of the standard
5.2.1.2 Identified gaps and proposed standardization activities
5.2.1.2.1 Interface to the ITS security entity
5.2.1.2.2 No specification of secured message format and security operation for DENM at the Facilities layer
5.2.2 ETSI TS 103 301 Facilities layer protocols and communication requirements for infrastructure services
5.2.2.1 Scope of the standard
5.2.2.2 Identified gaps and proposed standardization activities
5.2.2.2.1 Interface to the ITS security entity
5.2.2.2.2 No specification of secured message format and security operation for infrastructure-based services at the Facilities layer
5.2.3 ETSI EN 302 637-2 Specification of Cooperative Awareness Basic Service
5.2.3.1 Scope of the standard
5.2.3.2 Identified gaps and proposed standardization activities
5.2.3.2.1 Interface to the ITS security entity
5.2.3.2.2 No specification of security message format and security operation for CAM at the Facilities layer
5.3 Interface between Security Entity and Facilities Layer
6 Conclusions
Annex A: Security solutions for cellular based ITS in pilot and field trial projects
A.1 CONVERGE project
Annex B: Comparison of ITS security solutions for C-ITS over IP based cellular communication
History
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Technical Report (TR) has been produced by ETSI Technical Committee Intelligent Transport Systems (ITS).
Modal verbs terminology
In the present document "should", "should not", "may", "need not", "will", "will not", "can" and "cannot" are to be
interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
Using both short-range and wide-area communications for Cooperative ITS (C-ITS) deployment is part of the European
strategy on C-ITS [i.12]. The ITS reference architecture [i.1] also specifies an access layer incorporating different
access technologies for both short-range and wide-area communications. The European C-ITS certificate and security
policies [i.10] and [i.11] have been defined for setting up one common C-ITS trust domain for the EU, which gives trust
to ITS services using both short-range and wide-area communication technologies.
Many current ETSI ITS standards, e.g. [i.5], [i.6], and [i.7], have been developed considering short-range
communications as the main access technology, though the standards of higher layers should be agnostic and flexible
with the communication technologies [i.12]. Among many ITS security solutions, enabling security functions at the
Facilities layer is one way of providing end-to-end ITS security in C-ITS independent from the lower layer protocols.
The purpose of the present document is to investigate which amendments to existing ETSI ITS standards are needed to
facilitate ITS security operations at the Facilities layer considering C-ITS deployment scenarios using wide-area
communications based on mobile cellular networks. Other ITS security solutions, e.g. performing security operations at
the network layer with GeoNetworking protocol, can equally provide end-to-end ITS security. The study in the present
document aims at enabling ITS security at the Facilities layer while keeping compatibility with other ITS security
solutions.
Wide-area cellular communications have different characteristics compared with short-range communications when
supporting secured message exchange for ITS applications. The framework of mobile networks in C-ITS, including the
impacts to the ITS system architecture defined in [i.1], is studied in [i.13] by ETSI ITS WG2. The present document
studies the use cases and requirements of security when using wide-area cellular communications for ITS applications.
The present document also identifies standardization activities to enable ITS security at Facilities layer in ETSI ITS as
one way to facilitate C-ITS deployment using wide-area cellular communications.
Since wide-area communications through cellular networks use the IP protocol at the network layer, ITS security at the
Facilities layer discussed in the present document is based on IP protocol stacks and in principle can be applied to any
communication channel that uses an IP-based protocol stack, e.g. communications among ITS backend systems.
NOTE: Commercial mobile cellular networks provide communication services ensuring confidentiality and
integrity as well as the authentication of base stations meeting high security requirements. However, the
present document focuses on the C-ITS security features following the European C-ITS certificate and
security policies [i.10] and [i.11]. The intrinsic security features of mobile cellular systems can further
contribute to the security of C-ITS communications, but these are out of scope of the present document.
1 Scope
The present document analyses the existing solutions for secured ITS communications using wide-area cellular systems.
The present document also identifies gaps in current ETSI ITS standards for enabling security features at the ITS
Facilities layer, to facilitate secured C-ITS implementation using security features above the Networking & Transport
layer when using wide-area cellular communications. The present document also proposes necessary standardization
activities to close the identified gaps while considering interoperability and backward compatibilities with existing
standards.
2 References
2.1 Normative references
Normative references are not applicable in the present document.
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] ETSI EN 302 665 (V1.1.1) (2010-09): "Intelligent Transport Systems (ITS); Communications
Architecture".
[i.2] ETSI TS 102 940 (V1.3.1) (2018-04): "Intelligent Transport Systems (ITS); Security; ITS
communications security architecture and security management".
[i.3] ETSI TS 102 941 (V1.3.1) (2019-02): "Intelligent Transport Systems (ITS); Security; Trust and
Privacy Management".
[i.4] ETSI TS 103 097 (V1.3.1) (2017-10): "Intelligent Transport Systems (ITS); Security; Security
header and certificate formats".
[i.5] ETSI TS 103 301 (V1.3.1) (2020-02): "Intelligent Transport Systems (ITS); Vehicular
Communications; Basic Set of Applications; Facilities layer protocols and communication
requirements for infrastructure services".
[i.6] ETSI EN 302 637-2 (V1.4.1) (2019-04): "Intelligent Transport Systems (ITS); Vehicular
Communications; Basic Set of Applications; Part 2: Specification of Cooperative Awareness Basic
Service".
[i.7] ETSI EN 302 637-3 (V1.3.1) (2019-04): "Intelligent Transport Systems (ITS); Vehicular
Communications; Basic Set of Applications; Part 3: Specifications of Decentralized
Environmental Notification Basic Service".
[i.8] ETSI TS 102 731 (V1.1.1) (2010-09): "Intelligent Transport Systems (ITS); Security; Security
Services and Architecture".
[i.9] IEEE Std 1609.2™-2016: "IEEE Standard for Wireless Access in Vehicular Environments --
Security Services for Applications and Management Messages", as amended by IEEE Std
1609.2a™-2017: "Standard for Wireless Access In Vehicular Environments -- Security Services
for Applications and Management Messages Amendment 1".
[i.10] Certificate Policy for Deployment and Operation of European Cooperative Intelligent Transport
Systems (C-ITS), Release 1.1, June 2018.
NOTE: Available at https://ec.europa.eu/transport/sites/transport/files/c-its_certificate_policy-v1.1.pdf.
[i.11] Security Policy & Governance Framework for Development and Operation of European
Cooperative Intelligent Transport Systems (C-ITS), Release 1, December 2017.
NOTE: Available at https://ec.europa.eu/transport/sites/transport/files/c-its_security_policy_release_1.pdf.
[i.12] EC, COM (2016) 766: "A European strategy on Cooperative Intelligent Transport Systems, a
milestone towards cooperative, connected and automated mobility", 2016.
[i.13] ETSI TR 102 962 (V1.1.1) (2012-02): "Intelligent Transport Systems (ITS); Framework for Public
Mobile Networks in Cooperative ITS (C-ITS)".
[i.14] ETSI TS 136 300 (V14.2.0): "LTE; Evolved Universal Terrestrial Radio Access (E-UTRA) and
Evolved Universal Terrestrial Radio Access Network (E-UTRAN); Overall description; Stage 2
(3GPP TS 36.300 version 14.2.0 Release 14)".
[i.15] ETSI EN 302 663: "Intelligent Transport Systems (ITS); ITS-G5 Access layer specification for
Intelligent Transport Systems operating in the 5 GHz frequency band".
[i.16] CONVERGE Project, Deliverable D4.3: "Architecture of the Car2X Systems Network",
Version 1.2, 2015.
NOTE: Available at http://www.converge-online.de/doc/download/Del%2043%20Masterdocument.zip.
[i.17] ETSI EN 302 636-4-1 (V1.4.1) (2020-01), "Intelligent Transport Systems (ITS); Vehicular
Communications; GeoNetworking; Part 4: Geographical addressing and forwarding for point-to-
point and point-to-multipoint communications; Sub-part 1: Media-Independent Functionality".
[i.18] ISO/DTS 21177: "Intelligent transport systems -- ITS station security services for secure session
establishment and authentication between trusted devices".
[i.19] ETSI TS 102 943 (V1.1.1) (2012-06): "Intelligent Transport Systems (ITS); Security;
Confidentiality services".
[i.20] IETF RFC 8446: "The Transport Layer Security (TLS) Protocol Version 1.3".
[i.21] IETF draft-msahli-ise-ieee1609-01: "TLS Authentication using IEEE 1609.2 certificate".
NOTE: Available at https://tools.ietf.org/pdf/draft-msahli-ise-ieee1609-01.pdf.
[i.22] IEEE 1609.2b™-2019: "IEEE Standard for Wireless Access in Vehicular Environments--Security
Services for Applications and Management Messages - Amendment 2 -- PDU Functional Types
and Encryption Key Management".
[i.23] ETSI TR 102 893 (V1.2.1) (2017-03): "Intelligent Transport Systems (ITS); Security; Threat,
Vulnerability and Risk Analysis (TVRA)".
[i.24] SCOOP@F, C-ROADS France, InterCor: "Hybrid end-to-end security: Specification",
Deliverable 2.4.4.11-H, Version 4.00, 14/11/2019.
[i.25] ETSI TS 151 011 (V4.15.0): "Digital cellular telecommunications system (Phase 2+);
Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME) interface (3GPP
TS 51.011 version 4.15.0 Release 4)".
[i.26] ETSI TS 131 102 (V15.10.0): "Universal Mobile Telecommunications System (UMTS); LTE; 5G;
Characteristics of the Universal Subscriber Identity Module (USIM) application (3GPP TS 31.102
version 15.10.0 Release 15)".
[i.27] ETSI TS 102 723-8 (V1.1.1) (2016-04): "Intelligent Transport Systems (ITS); OSI cross-layer
topics; Part 8: Interface between security entity and network and transport layer".
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the terms given in ETSI EN 302 665 [i.1] and the following apply:
ITS backend: centralized system in the backend providing ITS services
EXAMPLE: Systems at traffic control, traffic management, ITS application suppliers, or automotive OEMs.
NOTE: A central ITS station may be part of an ITS backend.
ITS-G5: access technology according to ETSI EN 302 663 [i.15]
LTE-V2X Sidelink: access technology using V2X sidelink communication according to ETSI TS 136 300 [i.14]
Uu interface: interface between user equipment and base station in 3GPP systems
3.2 Symbols
Void.
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
2G 2nd Generation
3G 3rd Generation
3GPP 3rd Generation Partnership Project
4G 4th Generation
5G 5th Generation
AMQP Advanced Message Queuing Protocol
BSA Basic Set of Applications
BTP Basic Transport Protocol
CA Cooperative Awareness
CAM Cooperative Awareness Message
C-ITS Cooperative - ITS
DEN Decentralized Environmental Notification
DENM Decentralized Environmental Notification Message
DPIA Data Protection Impact Assessment
DTLS Datagram Transport Layer Security
E2E End-to-End
EU European Union
GDPR General Data Protection Regulation
GN GeoNetworking
HTTP Hypertext Transfer Protocol
HTTPS Hyper Text Transfer Protocol Secure
I2I Infrastructure-to-Infrastructure
I2V Infrastructure-to-Vehicle
IP Internet Protocol
IPSec IP Security
ITS Intelligent Transport Systems
IVIM Infrastructure to Vehicle Information Message
IVS In-Vehicle Signage
MQTT Message Queuing Telemetry Transport
N2V Network-to-Vehicle
OEM Original Equipment Manufacturer
OSI Open System Interconnection
PDU Packet Data Unit
PKI Public Key Infrastructure
RHW Road Hazard Warning
RSU Road Side Unit
SF-SAP Security Facilities Service Access Point
SIM Subscriber Identity Module
SREM Signal Request Extended Message
SSEM Signal request Status Extended Message
SSP Service Specific Permissions
TCP Transmission Control Protocol
TLS Transport Layer Security
TVRA Threat, Vulnerability and Risk Analysis
UDP User Datagram Protocol
UE User Equipment
USIM Universal Subscriber Identity Module
V2I Vehicle-to-Infrastructure
V2N Vehicle-to-Network
V2V Vehicle-to-Vehicle
4 Background
4.1 ITS architecture and wide-area cellular communications for ITS
4.1.1 ITS station architecture
ETSI EN 302 665 [i.1] describes an ITS station reference architecture based on the following four processing layers:
• Access Layer;
• Networking & Transport Layer;
• Facilities Layer; and
• Application Layer.
The Access Layer in the ETSI ITS station reference architecture represents the OSI layer 1 and 2 of the ITS station and
can be implemented with various communication technologies, including both short-range and wide-area
communications, as shown in Figure 1.
Figure 1: Access layer of ETSI ITS station reference architecture (ETSI EN 302 665 [i.1])
Cellular 2G/3G/4G/5G networks provide wide-area communications between User Equipment (UE) and base station,
which is known as the Uu interface in the 3GPP architecture of 3G, 4G, and 5G networks, supporting ITS applications.
The framework of mobile networks in C-ITS, including the impacts to the ITS system architecture defined in ETSI
EN 302 665 [i.1], has been studied in ETSI TR 102 962 [i.13]. The present document studies the use cases and
requirements of security at the facilities layer when using wide-area cellular communications for ITS applications.
4.1.2 Wide-area Communications for ITS Applications through Mobile Cellular Networks
The framework of 3G/4G cellular networks in Cooperative ITS (C-ITS) is described in ETSI TR 102 962 [i.13].
NOTE 1: A revision of [i.13] is under development to include the 5G cellular network for support of day one ITS
applications and other advanced automotive and ITS applications.
Figure 2 shows an overview of ITS using wide-area cellular communications, where the dashed lines indicate links at
the access layers and solid lines show the path of ITS message communication with the arrows indicating the direction
of information flows.
Figure 2: Overview of ITS using wide-area cellular communications
involving multiple service providers and cellular networks
Figure 3: Overview of V2V via cellular infrastructure using wide-area cellular communications
Figure 4: Overview of V2I and I2V using wide-area cellular communications
As shown in Figure 2 to Figure 4, mobile cellular networks support communications among vehicle, roadside, personal,
and central ITS stations through the network infrastructure. The following ITS message flows are supported by
wide-area cellular communications:
• ITS messages are transmitted from ITS stations using the cellular UEs to ITS backends, where central ITS
stations are located, through cellular Uu interface using uplink unicast communications and cellular core
network.
• ITS messages are transmitted from the ITS backends to ITS stations using cellular UEs through cellular core
network and the Uu interface using downlink unicast communications.
• ITS messages are transmitted from the ITS backends to ITS stations using cellular UEs through cellular core
network and the Uu interface using downlink broadcast/multicast communications.
The combination of the above ITS message flows enables communications among all ITS stations that use a cellular UE
and are within the coverage of mobile networks.
The cellular Uu interface does not support local direct ad-hoc communications among ITS stations without involving
the network infrastructure. Local direct ad-hoc communications are provided by short-range technologies, e.g. the LTE-
V2X sidelink or ITS-G5. Compared with short-range communications, the cellular Uu interface offers longer
communication distances.
Cellular networks support end-to-end IP-based communications, regardless of the generation of cellular communication
technology and mobile communication service provider. An example of the End-to-End protocol stack for ITS
applications over the 3GPP LTE network is shown in Figure 5.
[Figure 5 (diagram not reproduced): protocol stacks of the ITS Station with UE, Base station, Serving Gateway, PDN
Gateway, IP Router and ITS Station, linked by the LTE-Uu, S1-U, S5 and SGi interfaces. ITS Applications and the
Facilities Layer (CAM/DENM/IVIM etc., over MQTT, HTTP, ...) provide end-to-end ITS message delivery on top of an
end-to-end transport layer session (TCP or UDP over IPv4 or IPv6). Inside the mobile cellular network the access layer
uses PDCP/RLC/MAC/PHY on LTE-Uu and GTP-U/UDP/IP/L2/L1 between the network nodes.]
Figure 5: Example end-to-end protocol stack of wide-area communications in
ITS through the cellular Uu interface
Observations about wide-area communications supporting ITS applications through mobile cellular networks include:
• Wide-area communications through cellular networks are based on IP protocol, either IPv4 or IPv6, at the
network layer. Therefore, ITS security at the Facilities layer studied in the present document is based on IP
protocol stacks and in principle can be applied to any communication channel that uses an IP-based protocol
stack, e.g. the communication among ITS backend systems.
• The GeoNetworking protocol [i.17], which is designed for short-range ad-hoc communications, may be also
needed in wide-area communications through cellular networks, in order to enable a fully transparent hybrid
communication approach when both short-range and cellular wide area access layers are involved.
• ITS facilities layer messages can be supported by IP-based protocol stacks, e.g. TCP/IP, UDP/IP,
MQTT/TCP/IP, AMQP/TCP/IP, etc., without using BTP/GeoNetworking at the Networking and Transport
layer. However, the IP protocol can as well be combined with GeoNetworking, e.g. by encapsulating the GN
packet (incl. payload) into an IP packet.
NOTE 2: The presence of the secured GeoNetworking header is a necessity to be able to communicate in a trusted
domain with existing ITS stations (backwards compatibility) using the GeoNetworking protocol.
• ITS security entity could ensure end-to-end ITS message authentication and integrity at the facilities layer
independently from the choice of lower Networking & Transport layer protocols and access technologies.
However, end-to-end communication is provided by the Networking and Transport layer, therefore security
can also be provided at this layer, e.g. as currently specified in the ITS station architecture. This is independent
from access technologies.
• As a Subscriber Identity Module (SIM) is mandatory for all UEs, access to the network is always authenticated
based on the SIM card for wide-area cellular communications. However, ETSI ITS message communications
have additional authenticity requirements [i.23], which are not fulfilled by SIM-based solutions and still rely
on ETSI ITS security solutions.
NOTE 3: The term SIM in the present document refers to the Subscriber Identity Module specified in 3GPP
specifications, e.g. ETSI TS 151 011 [i.25], and its evolution used in 3G and 4G mobile networks,
e.g. Universal Subscriber Identity Module (USIM) applications specified in ETSI TS 131 102 [i.26]. As
for 5G communications, the 3GPP Release 15 specifications still use USIM. From the user authentication
and security perspective, SIM and USIM are based on the same principles and both ensure authenticated
network access and secured communication over the Uu interface.
4.2 ITS Application Use Cases Supported by Wide-area Cellular Communications and Security Requirements
ITS application use cases together with corresponding communication patterns and behaviour are analysed in [i.2].
Table 1 complements Table 2 in ETSI TS 102 940 [i.2] by considering wide-area communications among vehicles,
roadsides, and ITS backends, which are identified as Vehicle-to-Infrastructure (V2I) and Infrastructure-to-Infrastructure
(I2I), respectively.
NOTE 1: In this context, "infrastructure" covers both the roadside infrastructure and ITS backends. So, in Table 1,
I2V, V2I, I2I or V2I2V can also be interpreted as patterns implemented using cellular network
infrastructure.
Table 1: ITS applications communication behaviour
Use case | Pattern | Remarks
Emergency vehicle warning | V2V/V2I | CAM may be used
Slow vehicle indication | V2V/V2I2V | CAM may be used
Across traffic turn collision risk warning | V2V/V2I2V | CAM required
Merging Traffic Turn Collision Risk Warning | V2V/I2V/V2I2V | CAM required
Co-operative merging assistance | V2V/I2V/V2I2V | CAM required
Intersection collision warning | V2V/I2V/V2I2V | CAM required
Co-operative forward collision warning | V2V/V2I2V | CAM required
Lane Change Manoeuvre | V2V/V2I2V | CAM required
Emergency electronic brake lights | V2V/V2I2V | Low latency requirement
Wrong way driving warning (infrastructure based) | I2V |
Stationary vehicle - accident | V2V/V2I/V2I2V |
Stationary vehicle - vehicle problem | V2V/V2I2V |
Traffic condition warning | V2V/I2V/V2I2V |
Signal violation warning | I2V |
Roadwork warning | I2V |
Decentralized floating car data - Hazardous location | V2V/I2V/V2I2V |
Decentralized floating car data - Precipitations | V2V/I2V/V2I2V |
Decentralized floating car data - Road adhesion | V2V/I2V/V2I2V |
Decentralized floating car data - Visibility | V2V/I2V/V2I2V |
Decentralized floating car data - Wind | V2V/I2V/V2I2V |
Vulnerable road user Warning | V2V/I2V/V2I2V |
Pre-crash sensing warning - Indication | V2V/V2I2V | Low latency requirement
Pre-crash sensing warning - Data exchange | V2V/V2I2V | Low latency requirement
Co-operative glare reduction | V2V/I2V/V2I2V |
Regulatory/contextual speed limits notification | I2V |
Curve Warning | I2V |
Traffic light optimal speed advisory | I2V | Some implementations of Traffic Light Control use CAM
Traffic information and recommended itinerary - Advertisement | I2V |
Traffic information and recommended itinerary - Service | I2V |
Public transport information - Advertisement | I2V |
Public transport information - Service | I2V |
In-vehicle signage | I2V | May require message non-repudiation
Point of Interest notification - Advertisement | I2V |
Point of Interest notification - Service | I2V |
Automatic access control and parking management - Advertisement | I2V |
Automatic access control and parking management - Service | I2V/V2I |
ITS local electronic commerce | I2V/V2I |
Media downloading | I2V/V2I |
Insurance and financial services | I2V/V2I |
Fleet management | I2V/V2I |
Loading zone management | I2V/V2I |
Theft related services/After theft vehicle recovery | I2V/V2I |
Vehicle software/data provisioning and update | I2V/V2I |
Vehicle and RSU data calibration | I2V/V2I/I2I |
Traffic light priority request | V2I | For certain fleets, there might be privacy protection requirements dependent on vehicle category
The analysis of security requirements of ITS applications in clause 4.3 of ETSI TS 102 940 [i.2], which cover all use
cases in Table 1 of the present document, is still valid for wide-area cellular communications but needs to be extended
for the requirement of message signature on top of (TLS) session security. There are ITS applications that require
message non-repudiation, e.g. IVS of regulatory road signs require each IVIM to be individually signed by the road
authority. In certain use cases such as traffic light priority, request message signatures will be used in order to allow
receivers of ITS messages to validate authenticity of the ITS message and the SSP authorization.
NOTE 2: ITS applications in Table 1 are examples that can be supported by current 3G/4G cellular mobile
networks. With the deployment of 5G mobile networks, which provide enhanced latency, reliability and
throughput capacities, further ITS and automotive applications are expected to be supported by cellular
wide-area communications.
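The requirement stated in this clause, a message signature on top of (TLS) session security with the receiver validating authenticity and SSP authorization, is illustrated by the following added example, which is not part of the ETSI report. It signs a message at the Facilities layer, passes it through an intermediate hop where the sender's session security ends, and validates it at the receiver. The JSON encoding, the "permitted" list standing in for SSP, the choice of ECDSA P-256 with SHA-256, and all names and keys are assumptions constructed for the example.

```python
import hashlib, hmac, json

# Toy ECDSA over NIST P-256 with SHA-256 (algorithm choice is an assumption of
# this example); not constant-time, so suitable for illustration only.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def point_add(p1, p2):
    """Add two affine points; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 - 3) * pow(2 * y1 % P, -1, P) % P  # tangent (a = -3)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P  # chord
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def point_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keypair(seed):  # constructed demo key derived from a label
    d = digest(seed) % (N - 1) + 1
    return d, point_mul(d, G)

def sign(d, data):
    # Deterministic nonce from HMAC(key, message): simplified, not RFC 6979.
    mac = hmac.new(d.to_bytes(32, "big"), data, hashlib.sha256).digest()
    k = int.from_bytes(mac, "big") % (N - 1) + 1
    r = point_mul(k, G)[0] % N
    return [r, pow(k, -1, N) * (digest(data) + r * d) % N]

def verify(pub, data, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = point_add(point_mul(digest(data) * w % N, G), point_mul(r * w % N, tuple(pub)))
    return pt is not None and pt[0] % N == r

# Facilities-layer protection. JSON stands in for the ASN.1 secured-message format.
def canon(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def issue_cert(ca_priv, subject, pub, permitted):
    # "permitted" is a simplified stand-in for the certificate's SSP.
    body = {"subject": subject, "pub": list(pub), "permitted": sorted(permitted)}
    return {"body": body, "sig": sign(ca_priv, canon(body))}

def sign_message(priv, cert, msg_type, payload):
    tbs = {"type": msg_type, "payload": payload}
    return {"tbs": tbs, "sig": sign(priv, canon(tbs)), "cert": cert}

def validate(ca_pub, msg):
    """Receiver-side check; does not depend on how the message was transported."""
    cert = msg["cert"]
    if not verify(ca_pub, canon(cert["body"]), cert["sig"]):
        return False, "certificate not issued by trusted CA"
    if not verify(cert["body"]["pub"], canon(msg["tbs"]), msg["sig"]):
        return False, "bad message signature"
    if msg["tbs"]["type"] not in cert["body"]["permitted"]:
        return False, "sender not authorized for this message type"
    return True, "ok"

def relay(msg, edit=None):
    """Intermediate hop (e.g. a backend broker): the sender's TLS session ends here."""
    copy = json.loads(json.dumps(msg))
    if edit:
        edit(copy)
    return copy

CA_PRIV, CA_PUB = keypair(b"constructed demo key: root CA")
RA_PRIV, RA_PUB = keypair(b"constructed demo key: road authority")
RA_CERT = issue_cert(CA_PRIV, "road-authority", RA_PUB, ["IVIM"])

def demo():
    ivim = sign_message(RA_PRIV, RA_CERT, "IVIM", {"sign": "speed-limit", "kmh": 80})
    denm = sign_message(RA_PRIV, RA_CERT, "DENM", {"cause": "roadworks"})
    alter = lambda m: m["tbs"]["payload"].update(kmh=130)  # change made at the hop
    return {"relayed unchanged": validate(CA_PUB, relay(ivim)),
            "altered at the hop": validate(CA_PUB, relay(ivim, alter)),
            "type outside SSP": validate(CA_PUB, relay(denm))}

if __name__ == "__main__":
    print(demo())
```

Session security protects each hop separately, so only the per-message signature lets the receiver detect the change made at the relay and reject a correctly signed message whose type the certificate does not permit.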
4.3 Related ETSI ITS Standards
ETSI ITS standards ETSI TS 102 940 [i.2], ETSI TS 103 097 [i.4], and ETSI TS 102 941 [i.3] specify the ETSI ITS
security entity and corresponding operations realizing the PKI-based ITS security system according to the European
Certificate Policy [i.10].
However, to enable ITS security at the facilities layer independently from BTP/GeoNetworking protocols, further
evaluation of ETSI ITS standards at the Facilities layer, the Security entity, and the interfaces between them is needed.
Clause 5 analyses the gaps in current ETSI ITS standards and identifies the needed standardization activities to enable
ITS security at the Facilities layer for ITS applications using wide-area cellular communications.
4.4 Solutions for secure ITS communications using wide-area cellular communications
4.4.1 ITS security at GeoNetworking layer
In this solution, ITS security operations on Protocol Data Units (PDUs), e.g. message signing and message verification,
are performed at the GeoNetworking layer. Figure 6 shows the protocol stack when the secured GeoNetworking PDU is
transmitted using the cellular Uu interface.
[Figure 6 diagram: ITS Station with Uu Interface. Labels, top to bottom: End User Applications; ITS Facilities Layer (DENM, …); ITS NW&Transport Layer (BTP, GeoNetworking) with Sec_GN_SAP to the Security Entity; MQTT, HTTP, …; Transport Layer (TCP/UDP); Network Layer (IP); Access Layer of Cellular Uu interface (PDCP, RLC, MAC, PHY)]
Figure 6: Example protocol stack for ITS message delivery via the Uu interface using ITS security at the GeoNetworking layer
This solution follows the architecture specified in ETSI EN 302 636-4-1 [i.17], as shown in Figure 7, where
Sec_GN_SAP is the logical interface for the GeoNetworking layer to access security services provided by the security
entity.
Figure 7: Service primitives, SDUs and PDUs relevant for the GeoNetworking protocol [i.17]
In this solution, BTP and GeoNetworking layers are encapsulated in IP based protocol stacks, e.g. TCP/IP, UDP/IP,
MQTT/TCP/IP, AMQP/TCP/IP, or HTTP/TCP/IP when using the wide-area Uu interface. The receiver can in turn
decapsulate the GeoNetworking message from the IP packet and obtain the same packet with the same security header
as if the message had been transmitted over a short-range communication link. This way, messages can be
received and forwarded in the same way independent of the access layer without prior translation or modification.
Figure 8 illustrates an example scenario and protocol stacks for forwarding a DEN message with ITS security at the
GeoNetworking layer from the wide-area channel to the short-range channel. The approach in Figure 7 has been
implemented in SCOOP@F, C-ROADS France and InterCor projects [i.24].
[Figure 8 diagram. Labels: Security envelope (SignerID* and Signature; Payload (toBeSignedData); stable from end to end); Facilities Layer (DENM); Networking and Transport Layer (BTP; GeoNetworking with Common Hdr. and Basic Hdr.); Access Layer; TCP/(Mobile) IP; Central ITS-Station; Wide area communication; Short range communication; GeoBroadcast Area. *SignerIdentifier = certificate or digest]
Figure 8: I2V2V using multi-hop forwarding using cellular and short-range access layers
NOTE: Additional transport layer and network layer security mechanisms, e.g. TLS, DTLS, and IPSec can be
applied in this solution. This solution has been implemented with wide-area communications and tested in
many pilot and field trial projects, e.g. the CONVERGE project [i.16], where a hybrid communication
solution consisting of both short-range ITS-G5 and cellular Uu interfaces has been developed. More
details about the security solution implemented in the CONVERGE project can be found in Annex A.
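The end-to-end property described in this clause, together with the message signature required on top of (TLS) session security after Table 1, shown as an added example (not code from the report or from the projects it cites): the envelope is signed once, carried over a framed IP leg, and verified unchanged by the final receiver. The envelope layout, the 4-byte framing and the names `Sign`, `Verify`, `EncapIP`, `DecapIP` and `authorityKey` are assumptions of this example; the real encoding is specified in ETSI TS 103 097 [i.4].

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

var authorityKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway demo signer key

// Sign builds a constructed envelope: 4-byte payload length || payload || ECDSA signature.
func Sign(priv *ecdsa.PrivateKey, payload []byte) ([]byte, error) {
	tbs := append(binary.BigEndian.AppendUint32(nil, uint32(len(payload))), payload...)
	h := sha256.Sum256(tbs)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	return append(tbs, sig...), err
}

// Verify checks the envelope against the signer's public key and returns the payload.
func Verify(pub *ecdsa.PublicKey, env []byte) ([]byte, error) {
	if len(env) < 4 || uint64(binary.BigEndian.Uint32(env)) > uint64(len(env)-4) {
		return nil, fmt.Errorf("malformed envelope")
	}
	n := 4 + int(binary.BigEndian.Uint32(env))
	if h := sha256.Sum256(env[:n]); !ecdsa.VerifyASN1(pub, h[:], env[n:]) {
		return nil, fmt.Errorf("signature check failed")
	}
	return env[4:n], nil
}

// EncapIP adds an assumed 4-byte length prefix for the TCP leg; DecapIP only strips it.
func EncapIP(env []byte) []byte {
	return append(binary.BigEndian.AppendUint32(nil, uint32(len(env))), env...)
}
func DecapIP(frame []byte) ([]byte, error) {
	if len(frame) < 4 || uint64(binary.BigEndian.Uint32(frame)) != uint64(len(frame)-4) {
		return nil, fmt.Errorf("bad frame")
	}
	return frame[4:], nil
}

func main() {
	env, _ := Sign(authorityKey, []byte("DENM: roadworks ahead")) // constructed payload
	fwd, _ := DecapIP(EncapIP(env))                               // relay strips framing only
	payload, err := Verify(&authorityKey.PublicKey, fwd)
	fmt.Printf("%q %v\n", payload, err)
}
```

Changing any byte of the forwarded envelope makes `Verify` return an error, so a forwarding station cannot alter the payload without the receiver noticing.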
4.4.2 ITS security at Facilities layer
The logical interface Security Facilities Service Access Point (SF-SAP) defined in the DEN service specification [i.7]
provides another way for securing ITS communications when using wide-area communications. As the SF-SAP
interface provides access to ITS security services, Facilities layer ITS messages can be signed and verified at the
Facilities layer without relying on underlying ITS networking and transport layers, e.g. BTP and GeoNetworking.
[Figure 9 diagram. Labels: Applications; FA-SAP; Facilities (LDM, DEN Basic Service); NF-SAP; Networking & Transport; Access]
Figure 9: DEN basic service and logical interfaces [i.7]
As a result, the protocol stack, as shown in Figure 10, can be used at ITS stations, where secured ITS facilities layer
messages are transmitted directly over the IP based protocol stacks, e.g. TCP/IP, UDP/IP, MQTT/TCP/IP,
HTTP/TCP/IP, etc.
[Figure 10 diagram: ITS Station with Uu Interface. Labels, top to bottom: End User Applications; ITS Facilities Layer (DENM, …) with Sec_GN_SAP to the Security Entity; ITS NW&Transport Layer (Optional) (BTP, GeoNetworking); MQTT, HTTP, …; Transport Layer (TCP/UDP); Network Layer (IP); Access Layer of Cellular Uu interface (PDCP, RLC, MAC, PHY)]
Figure 10: Example protocol stack for ITS message delivery via the Uu interface using ITS security at the Facilities layer
In addition to the SF-SAP interface that needs to be specified, other ETSI ITS facilities layer and security standards also
need to be updated to enable this solution, as discussed in clause 5.