Intelligent transport systems - ITS station security services for secure session establishment and authentication between trusted devices (ISO/TS 21177:2019)

This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities:
- devices operated as bounded secured managed entities, i.e. "ITS Station Communication Units" (ITS-SCU) and "ITS station units" (ITS-SU) specified in ISO 21217, and
- between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks.

These services include authentication and secure session establishment which are required to exchange information in a trusted and secure manner. These services are essential for many ITS applications and services including time-critical safety applications, automated driving, remote management of ITS stations (ISO 24102-2 [5]), and roadside/infrastructure related services.

Intelligente Verkehrssysteme - Sicherheitsdienste für eine ITS-Station zum sicheren Aufbau und Authentizierung einer Sitzung zwischen zuverlässigen Geräten (ISO/TS 21177:2019)

Systèmes intelligents de transport - Interface véhicule sécurisée - Services de sécurité de la station ITS pour l'établissement et l'authentification des sessions sécurisées (ISO/TS 21177:2019)

Inteligentni transportni sistemi - Storitve varovanja postaj ITS za varno vzpostavitev sej in preverjanje pristnosti med zaupanja vrednimi napravami (ISO/TS 21177:2019)

General Information

Status: Withdrawn
Publication Date: 06-Nov-2019
Withdrawal Date: 25-May-2023
Technical Committee
Current Stage: 9900 - Withdrawal (Adopted Project)
Start Date: 26-May-2023
Due Date: 18-Jun-2023
Completion Date: 26-May-2023

Technical specification
TS CEN ISO/TS 21177:2019 - BARVE
English language
97 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST-TS CEN ISO/TS 21177:2019
01-December-2019
Inteligentni transportni sistemi - Storitve varovanja postaj ITS za varno
vzpostavitev sej in preverjanje pristnosti med zaupanja vrednimi napravami
(ISO/TS 21177:2019)
Intelligent transport systems - ITS station security services for secure session
establishment and authentication between trusted devices (ISO/TS 21177:2019)
Intelligente Verkehrssysteme - Sicherheitsdienste für eine ITS-Station zum sicheren
Aufbau und Authentizierung einer Sitzung zwischen zuverlässigen Geräten (ISO/TS
21177:2019)
Systèmes intelligents de transport - Interface véhicule sécurisée - Services de sécurité
de la station ITS pour l'établissement et l'authentification des sessions sécurisées
(ISO/TS 21177:2019)
This Slovenian standard is identical to: CEN ISO/TS 21177:2019
ICS:
03.220.01 Transport in general
35.030 IT Security
35.240.60 IT applications in transport
SIST-TS CEN ISO/TS 21177:2019 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.


CEN ISO/TS 21177
TECHNICAL SPECIFICATION

SPÉCIFICATION TECHNIQUE

October 2019
TECHNISCHE SPEZIFIKATION
ICS 03.220.01; 35.030; 35.240.60
English Version

Intelligent transport systems - ITS station security services
for secure session establishment and authentication
between trusted devices (ISO/TS 21177:2019)
Systèmes intelligents de transport - Interface véhicule sécurisée - Services de sécurité de la station ITS pour l'établissement et l'authentification des sessions sécurisées (ISO/TS 21177:2019)
Intelligente Verkehrssysteme - Sicherheitsdienste für eine ITS-Station zum sicheren Aufbau und Authentizierung einer Sitzung zwischen zuverlässigen Geräten (ISO/TS 21177:2019)
This Technical Specification (CEN/TS) was approved by CEN on 13 August 2019 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN ISO/TS 21177:2019 E

CEN ISO/TS 21177:2019 (E)
Contents
European foreword

European foreword
This document (CEN ISO/TS 21177:2019) has been prepared by Technical Committee ISO/TC 204
"Intelligent transport systems" in collaboration with Technical Committee CEN/TC 278 "Intelligent
transport systems", the secretariat of which is held by NEN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO/TS 21177:2019 has been approved by CEN as CEN ISO/TS 21177:2019 without any
modification.


TECHNICAL SPECIFICATION
ISO/TS 21177
First edition
2019-08
Intelligent transport systems — ITS station security services for secure session establishment and authentication between trusted devices
Reference number
ISO/TS 21177:2019(E)
© ISO 2019


COPYRIGHT PROTECTED DOCUMENT
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Overview
5.1 Goals
5.2 Architecture and functional entities
5.3 Cryptomaterial handles
5.4 Session IDs and state
5.5 Access control and authorisation state
5.6 Application level non-repudiation
5.7 Service primitive conventions
6 Process flows and sequence diagrams
6.1 General
6.2 Overview of process flows
6.3 Sequence diagram conventions
6.4 Configure
6.5 Start Session
6.6 Send data
6.7 Send access control PDU
6.8 Receive PDU
6.9 Secure connection brokering
6.9.1 Goals
6.9.2 Prerequisites
6.9.3 Overview
6.9.4 Detailed specification
6.10 Force end session
6.11 Session terminated at session layer
6.12 Deactivate
6.13 Secure session example
7 Security Subsystem: interfaces and data types
7.1 General
7.2 Access control policy and state
7.3 Enhanced authentication
7.3.1 Definition and possible states
7.3.2 States for owner role enhanced authentication
7.3.3 State for accessor role enhanced authentication
7.3.4 Use by Access Control
7.3.5 Methods for providing enhanced authentication
7.3.6 Enhanced authentication using SPAKE2
7.4 Extended authentication
7.5 Data types
7.5.1 General
7.5.2 Imports
7.5.3 Iso21177AccessControlPdu
7.5.4 AccessControlResult
7.5.5 ExtendedAuthPdu
7.5.6 ExtendedAuthRequest
7.5.7 InnerExtendedAuthRequest
7.5.8 AtomicExtendedAuthRequest
7.5.9 ExtendedAuthResponse
7.5.10 ExtendedAuthResponsePayload
7.5.11 EnhancedAuthPdu
7.5.12 SpakeRequest
7.5.13 SpakeResponse
7.5.14 SpakeRequesterResponse
7.6 App-Sec Interface
7.6.1 App-Sec-Configure.request
7.6.2 App-Sec-Configure.confirm
7.6.3 App-Sec-StartSession.indication
7.6.4 App-Sec-Data.request
7.6.5 App-Sec-Data.confirm
7.6.6 App-Sec-Incoming.request
7.6.7 App-Sec-Incoming.confirm
7.6.8 App-Sec-EndSession.request
7.6.9 App-Sec-EndSession.confirm
7.6.10 App-Sec-EndSession.indication
7.6.11 App-Sec-Deactivate.request
7.6.12 App-Sec-Deactivate.confirm
7.6.13 App-Sec-Deactivate.indication
7.7 Security Subsystem internal interface
7.7.1 General
7.7.2 Sec-AuthState.request
7.7.3 Sec-AuthState.confirm
8 Adaptor Layer: Interfaces and data types
8.1 General
8.2 Data types
8.2.1 General
8.2.2 Iso21177AdaptorLayerPDU
8.2.3 Apdu
8.2.4 Access Control
8.2.5 TlsClientMsg1
8.2.6 TlsServerMsg1
8.3 App-AL Interface
8.3.1 App-AL-Data.request
8.3.2 App-AL-Data.confirm
8.3.3 App-AL-Data.indication
8.3.4 App-AL-EnableProxy.request
8.4 Sec-AL Interface
8.4.1 Sec-AL-AccessControl.request
8.4.2 Sec-AL-AccessControl.confirm
8.4.3 Sec-AL-AccessControl.indication
8.4.4 Sec-AL-EndSession.request
8.4.5 Sec-AL-EndSession.confirm
9 Secure Session services
9.1 General
9.2 App-Sess interfaces
9.2.1 App-Sess-EnableProxy.request
9.3 Sec-Sess interface
9.3.1 Sec-Sess-Configure.request
9.3.2 Sec-Sess-Configure.confirm
9.3.3 Sec-Sess-Start.indication
9.3.4 Sec-Sess-EndSession.indication
9.3.5 Sec-Sess-Deactivate.request
9.3.6 Sec-Sess-Deactivate.confirm
9.4 AL-Sess interface
9.4.1 AL-Sess-Data.request
9.4.2 AL-Sess-Data.confirm
9.4.3 AL-Sess-Data.indication
9.4.4 AL-Sess-EndSession.request
9.4.5 AL-Sess-EndSession.confirm
9.4.6 AL-Sess-ClientHelloProxy.request
9.4.7 AL-Sess-ClientHelloProxy.indication
9.4.8 AL-Sess-ServerHelloProxy.request
9.4.9 AL-Sess-ServerHelloProxy.indication
9.4.10 AL-Sess-EndSession.request
9.4.11 AL-Sess-EndSession.confirm
9.5 Permitted mechanisms
9.5.1 TLS 1.3
9.5.2 DTLS 1.3
Annex A (informative) Usage scenarios
Annex B (normative) ASN.1 module
Bibliography

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to
...
