
REVIEW OF ITS WG5 PROGRAMME (SECURITY)

Scott W CADZOW, Chairman of ETSI TC ITS WG5


REVIEW OF TERMS OF REFERENCE

What we’ve agreed is in our scope


Responsibilities of WG5 from ToR

Conducting studies leading to deliverables on Security;

Assuring ITS solutions conform to regulatory requirements for privacy, data protection, lawful interception and data retention;

Management and co-ordination of the development of security specifications for ITS communication and data;

Investigation of security services and mechanisms required for providing ITS services over the Internet;


Development of security analyses of candidate protocols and network elements to be used within the ITS framework to implement capabilities e.g., EMTEL aspects, IPv6 migration, keying strategies and methods;

Tracking on-going worldwide security activities of interest to ITS (notably in ISO TC204)


WG5 activities identified from ToR

Ensure that a threat analysis for ITS is conducted and maintained as the feature set being standardised grows.

Determine and document the objectives and priorities for ITS security taking into account the needs and aspirations of users, operators, regulators and manufacturers

• Accommodate, as far as is practicable, any regional regulatory requirements in security objectives

Detail the security requirements for ITS:

Define a security architecture for ITS which will satisfy the security requirements and align with the ITS system architecture.

Produce guidelines:

• On the use of the ITS security elements

• On the limitations of ITS security

• On the implications of not activating the security elements that are provided.


PUBLISHED OR COMPLETED

The ETSI output that we’ve completed and the schedule for publication


Published documents

ETSI TR 102 893 V1.1.1 (2010-03) Intelligent Transport Systems (ITS); Security; Threat, Vulnerability and Risk Analysis (TVRA)

ETSI TS 102 731 V1.1.1 (2010-09) Intelligent Transport Systems (ITS); Security; Security Services and Architecture


Completed pending final review …

TS 102 867, Stage 3 mapping for IEEE 1609.2

TS 102 940, Security architecture and ITS Station Security Management

TS 102 941, Identity, Trust and Privacy Management

TS 102 942, Access Control and Secure and Privacy-preserving services

TS 102 943, Confidentiality services


TS 102 867 – Scope

The present document specifies the use of the mechanisms of IEEE 1609.2 [1] within the ITS communications architecture defined in EN 302 665 [3] to provide a stage 3 implementation for a subset of the security services defined in TS 102 731 [2].

The present document identifies:

• Those areas where IEEE 1609.2 [1] provides a security service defined in TS 102 731 [2].

• Recommended parameterizations of IEEE 1609.2 [1] via its "security profile" mechanism for Cooperative Awareness Messages (CAM) [4] and Decentralized Environmental Notification Messages (DENM) [5].

• Those areas where IEEE 1609.2 [1] needs to be extended or modified in a minor way to provide security services defined in TS 102 731 [2] and suitable for CAM and DENM.

• Those areas where IEEE 1609.2 [1] does not provide a basis for a security service defined in TS 102 731 [2] and consumed by CAM and DENM.

In those cases where IEEE 1609.2 [1] does not fully provide a required service, the present document identifies the requirements for that service but does not specify that service in full. The present document should therefore be seen not as a full specification of security for CAM and DENM but as a subset of that specification.


TS 102 940 - Scope

The present document specifies a security architecture for Intelligent Transport System (ITS) communications. Based upon the security services defined in TS 102 731 [6], it identifies the functional entities required to support security in an ITS environment and the relationships that exist between the entities themselves and the elements of the ITS reference architecture defined in EN 302 665 [1].

The present document also identifies the roles and locations of a range of security services for the protection of transmitted information and the management of essential security parameters. These include identifier and certificate management, PKI processes and interfaces as well as basic policies and guidelines for trust establishment.


TS 102 941 – Scope

The present document specifies the trust and privacy management for Intelligent Transport System (ITS) communications. Based upon the security services defined in TS 102 731 [1] and the security architecture defined in TS 102 940 [5], it identifies the trust establishment and privacy management required to support security in an ITS environment and the relationships that exist between the entities themselves and the elements of the ITS reference architecture defined in EN 302 665 [2].

The present document identifies and specifies security services for the establishment and maintenance of identities and cryptographic keys in an Intelligent Transport System (ITS). Its purpose is to provide the functions upon which systems of trust and privacy can be built within an ITS.


TS 102 942 – Scope

The present document specifies how to encode permissions of ITS applications as access control constraints models and demonstrates the application of the constraints model for CAM and DENM. ITS applications shall only have access to resources in the ITS-S that are necessary for their successful execution. The model defines the allowed permissions and any conditional constraints associated to ITS applications and internal resources of the ITS-S (such as facilities layer, transmission media interfaces, policies, databases, etc.).


TS 102 943 – Scope

The present document specifies services to ensure that the confidentiality of information sent to and from an Intelligent Transport System (ITS) station can be maintained at a level that is acceptable to the users of the station.


PLANNING FOR THE FUTURE

Where we are aiming to develop more standards and guidance


Priority 1: Completion of ETSI WIs

Sx-SAP definitions

Update of TVRA

Beginning the ITS Security Test Programme

• Conformance tests for TS 102 867 and TS 102 941 (TSS&TP, TTCN3)

• Interoperability test structure?


Priority 2: New work areas

Extension of ETSI Work Programme to ATIS, APTS, etc.

• Addressing user interaction to ITS and covering parts of the EU ITS scope not addressed by V2V/V2I

Security guide


• How to deploy ITS and the security functions within it

Deployment of ITS services (web-services and apps) to the ITS-S

ComSec integration of 5GHz to other radio links (e.g. LTE)


Safety aids survivability


Directive expects ITS to reduce or eliminate this


Directive looks to ITS to aid environment


Encourage more use of these


Questions
