5
5
ETSI TS 103 097 V1.2.1 (2015-06)
Intelligent Transport Systems (ITS);
Security;
Security header and certificate formats
Technical Specification
?
Reference
RTS/ITS-00531
Keywords
ITS, privacy, protocol, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N� 348 623 562 00017 - NAF 742 C
Association � but non lucratif enregistr�e � la
Sous-Pr�fecture de Grasse (06) N� 7803/88
Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
� European Telecommunications Standards Institute 2015.
All rights reserved.
DECT
TM
,
PLUGTESTS
TM
,
UMTS
TM
and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
3GPP
TM
and
LTE
� are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM
� and the GSM logo are Trade Marks registered and owned by the GSM Association.
?
Contents
Foreword
5
5
Modal verbs terminology
5
5
Introduction
5
5
1
Scope
6
6
2
References
6
6
2.1
Normative references
6
6
2.2
Informative references
6
6
3
Definitions and abbreviations
7
7
3.1
Definitions
7
7
3.2
Abbreviations
7
7
4
Basic format elements
7
7
4.1
Presentation Language
7
7
4.2
Specification of basic format elements
9
9
4.2.1
IntX
9
9
4.2.2
PublicKeyAlgorithm
9
9
4.2.3
SymmetricAlgorithm
9
9
4.2.4
PublicKey
9
9
4.2.5
EccPoint
10
10
4.2.6
EccPointType
11
11
4.2.7
EncryptionParameters
11
11
4.2.8
Signature
11
11
4.2.9
EcdsaSignature
12
12
4.2.10
SignerInfo
12
12
4.2.11
SignerInfoType
13
13
4.2.12
HashedId8
13
13
4.2.13
HashedId3
13
13
4.2.14
Time32
14
14
4.2.15
Time64
14
14
4.2.16
Time64WithStandardDeviation
14
14
4.2.17
Duration
14
14
4.2.18
TwoDLocation
15
15
4.2.19
ThreeDLocation
15
15
4.2.20
GeographicRegion
15
15
4.2.21
RegionType
16
16
4.2.22
CircularRegion
16
16
4.2.23
RectangularRegion
16
16
4.2.24
PolygonalRegion
17
17
4.2.25
IdentifiedRegion
17
17
4.2.26
RegionDictionary
17
17
5
Specification of security header
17
17
5.1
SecuredMessage
17
17
5.2
Payload
18
18
5.3
PayloadType
18
18
5.4
HeaderField
18
18
5.5
HeaderFieldType
20
20
5.6
TrailerField
20
20
5.7
TrailerFieldType
20
20
5.8
RecipientInfo
21
21
5.9
EciesEncryptedKey
21
21
6
Specification of certificate format
22
22
6.1
Certificate
22
22
6.2
SubjectInfo
23
23
6.3
SubjectType
23
23
6.4
SubjectAttribute
23
23
6.5
SubjectAttributeType
24
24
6.6
SubjectAssurance
24
24
6.7
ValidityRestriction
25
25
6.8
ValidityRestrictionType
25
25
6.9
ItsAidSsp
25
25
7
Security profiles
26
26
7.1
Security profile for CAMs
26
26
7.2
Security profile for DENMs
27
27
7.3
Generic security profile for other signed messages
28
28
7.4
Profiles for certificates
29
29
7.4.1
Introduction
29
29
7.4.2
Authorization tickets (pseudonymous certificates)
30
30
7.4.3
Enrolment credential (long-term certificates)
30
30
7.4.4
Certificate authority certificates
30
30
Annex A (informative):
Data structure examples
32
32
A.1
Example security envelope structure for CAM
32
32
A.2
Example structure of a certificate
33
33
Annex B (informative):
Usage of ITS-AID and SSPs
34
34
History
35
35
?
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for
ETSI members and non-members
, and can be found in ETSI SR 000 314:
"Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards"
, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (
http://ipr.etsi.org
).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.
In the present document "
shall
", "
shall not
", "
should
", "
should not
", "
may
", "
need not
", "
will
", "
will not
", "
can
" and "
cannot
" are to be interpreted as described in clause 3.2 of the
ETSI Drafting Rules
(Verbal forms for the expression of provisions).
"
must
" and "
must not
" are
NOT
allowed in ETSI deliverables except when used in direct citation.
Security mechanisms for ITS consist of a number of parts. An important part for interoperability is a common format for data elements being transferred between ITS stations for security purposes.
The present document intends to provide such a format definition. A special focus is to include as much as possible from existing standards. At the same time, the major goal is simplicity and extensibility of data structures.
?
Scope
The present document specifies security header and certificate formats for Intelligent Transport Systems. These formats are defined specifically for securing G5 communication.
References
Normative references
References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference
.
NOTE:
While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.
The following referenced documents are necessary for the application of the present document.
[]
IEEE� 1363-2000: "IEEE Standard Specifications For Public Key Cryptography".
[]
NIMA Technical Report TR8350.2: "Department of Defense World Geodetic System 1984. Its Definition and Relationships with Local Geodetic Systems".
[]
ISO 3166-1: "Codes for the representation of names of countries and their subdivisions -- Part 1: Country codes".
[]
NIST SP 800-38C: "Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality".
[]
IETF RFC 2246: "The TLS Protocol Version 1.0".
[]
ETSI TS 102 940: "Intelligent Transport Systems (ITS); Security; ITS communications security architecture and security management".
[]
ETSI TS 102 965 (V1.2.1): "Intelligent Transport Systems (ITS); Application Object Identifier (ITS-AID); Registration".
Informative references
References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies.
NOTE:
While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.
[
i.
]
IEEE� 1363a-2004: "Standard Specifications For Public Key Cryptography - Amendment 1: Additional Techniques".
[
i.
]
IEEE� 1609.2-2012 (draft D12): "Wireless Access in Vehicular Environments - Security Services for Applications and Management Messages".
[
i.
]
IEEE� 1609.2-2012 (draft D17): "Wireless Access in Vehicular Environments - Security Services for Applications and Management Messages".
[
i.
]
IEEE� 1609.3-2010: "Wireless Access in Vehicular Environments (WAVE) - Networking Services".
[
i.
]
Standards for Efficient Cryptography 4 (SEC 4): "Elliptic Curve Qu-Vanstone Implicit Certificate Scheme (ECQV)".
[
i.
]
Antipa A., R. Gallant, and S. Vanstone: "Accelerated verification of ECDSA signatures", Selected Areas in Cryptography, 12th International Workshop, SAC 2005, Kingston, ON, Canada, August 11-12, 2005: Springer, 2005, pp. 307-318.
Definitions and abbreviations
Definitions
For the purposes of the present document, the following terms and definitions apply:
enumeration: set of values with distinct meaning
Abbreviations
For the purposes of the present document, the following abbreviations apply:
AES
Advanced Encryption Standard
CA
Certificate Authority
CAM
Cooperative Awareness Message
CRL
Certificate Revocation List
DENM
Decentralized Environmental Notification Message
DHAES
Diffie-Hellman: An Encryption Scheme
ECC
Elliptic Curve Cryptography
ECDSA
Elliptic Curve Digital Signature Algorithm
ECIES
Elliptic Curve Integrated Encryption Scheme
ECQV
Elliptic Curve Qu-Vanstone
NOTE:
Implicit Certificate Scheme.
G5
5,9 GHz radio communications
ITS
Intelligent Transport Systems
ITS-AID
ITS Application ID
ITS-S
Intelligent Transport Systems Station
LSB
Least Significant Bit
NIMA
National Imagery and Mapping Agency
NIST SP
National Institute of Standards and Technology, Special Publication
PSID
Provider Service Identifier
NOTE:
It is a synonym for ITS-AID.
SSP
Service Specific Permissions
TAI
Temps Atomique International (International Atomic Time)
TLS
Transport Layer Security
UTC
Universal Time Coordinated
WGS
World Geodetic System
Basic format elements
Presentation Language
The presentation language is derived from the Internet Engineering Task Force (IETF) RFC 2246 (TLS) [ 5 ] and from IEEE 1609.2-2012 [ i.2 ] (draft D12) and is described in table 1 . The encoding of multi-byte elements of the presentation language shall always use network byte order, i.e. big endian byte order, if applicable.
NOTE:
The presentation language is not formally defined. Parsing tools based on this notation cannot be guaranteed to be consistent or complete.
Table : Presentation language
|
Element |
Description |
Example(s) |
|
Variable names |
Variable names are given in lower case |
variable_name |
|
Basic data types |
Basic data types are given in lower case |
uint8, uint16, uint32, uint64 |
|
Composed data types |
Composed data types are given with at least the first letter in upper case |
MyDataType |
|
Comments |
Comments start with the "//" indicator |
// This is a comment |
|
Numbers |
Numbers are given as signed or unsigned big-endian octets |
uint8, uint16, uint32, uint64, sint32 |
|
Fixed-length vectors |
Fixed-length vectors have a data type and a fixed octet size given in square brackets |
uint8 Coordinates[2]; // two uint8 values uint32 Coordinates[8]; // two uint32 values |
|
Variable-length vectors with fixed-length length encoding |
The number in angle brackets gives the maximum number of octets. Depending on the maximum size, the first 1 byte, 2 bytes, 4 bytes or 8 bytes encode the actual field length |
uint8 AsciiChar; AsciiChar Name<2^8-1>; // "abc" encoded as // 0x03, 0x61, 0x62, 0x63 AsciiChar LongName<2^16-1>; // "abc" encoded as // 0x00, 0x03, 0x61, 0x62, 0x63 |
|
Variable-length vectors with variable-length length encoding |
<var> indicates variable-length encoding. The length itself is encoded with a number of "1" bits according to the additional number of octets used to encode the length, followed by a "0" bit and the actual length value. The maximum length shall be 2 56 - 1, i.e. at most seven "1" bits followed by a "0" bit shall be used for the variable-length length encoding. The length of variable-length vectors with variable-length length encoding shall be encoded as positive integer using the minimum number of bits necessary |
uint8 AsciiChar; AsciiChar Name<var>;
// encoding examples: (the bits with // grey background represent the
// Vector length 5:
// Vector length 123:
// Vector length 388:
|
|
Opaque fields |
Opaque fields are blocks of data whose content interpretation is not further specified |
opaque fieldname[n]; opaque fieldname<n>; opaque fieldname<var>; |
|
Enumerations |
Enumerations are list of labels with a unique value for each label, and optionally a maximum value (which then determines length of encoding) |
enum {de(0), fr(1), it(2)} Country; enum {de(0), fr(1), it(2), (2^8-1)} Country; // both variants encoding in one // octet enum {de(0), fr(1), it(2), (2^16-1)} Country; // Encoding in two octets |
|
Constructed types |
Constructed types contain other types |
struct {
} Person; |
|
Case statements |
Case statements are used inside constructed types to change the contents of the constructed type depending on the value of the variable given in brackets |
struct {
} Person; |
|
External data |
This is external data that has impact on a struct, e.g. in a select statement. It shall be described from where the external data is obtained |
struct {
} Person; |
Specification of basic format elements
IntX
int_x
IntX;
This data type encodes an integer of variable length. The length of this integer is encoded by a number of 1 bits followed by a 0 bit, where the number of 1 bits is equal to the number of additional octets used to encode the integer besides those used (partially) to encode the length. The encoding of the length shall use at most 7 bits set to 1.
EXAMPLE:
00001010 encodes the integer 10, while 10001000 10001000 encodes the integer 2 184. The bits encoding the length of the element are coloured with a grey background.
NOTE:
This definition is similar to the definition of PSID in IEEE 1609.3-2010 [
i.4
], clause 8.1.3, but allows bigger values of the encoded integer.
PublicKeyAlgorithm
enum {
ecdsa_nistp256_with_sha256(0),
ecies_nistp256(1),
reserved(240..255),
(2^8-1)
} PublicKeyAlgorithm;
This enumeration lists supported algorithms based on public key cryptography. Values in the range of 240 to 255 shall not be used as they are reserved for internal testing purposes.
NOTE:
This definition is similar to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.2.16, but
ecdsa_nistp224_with_sha224
is not supported by the present document. As a consequence, the numbering of identical elements (e.g.
ecies_nistp256
) differs.
SymmetricAlgorithm
enum {
aes_128_ccm (0),
reserved (240..255),
(2^8-1)
} SymmetricAlgorithm;
This enumeration lists supported algorithms based on symmetric key cryptography. Values in the range of 240 to 255 shall not be used as they are reserved for internal testing purposes. The algorithm aes_128_ccm denotes the symmetric key cryptography algorithm AES-CCM as specified in NIST SP 800-38C [ 4 ].
NOTE:
Except naming, this definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.2.23.
PublicKey
struct {
PublicKeyAlgorithm
algorithm;
select(algorithm) {
case ecdsa_nistp256_with_sha256:
EccPoint
public_key;
case ecies_nistp256:
SymmetricAlgorithm
supported_symm_alg;
EccPoint
public_key;
unknown:
opaque
other_key<var>;
}
} PublicKey;
This structure defines a wrapper for public keys by specifying the used algorithm and - depending on the value of algorithm - the necessary data fields:
NOTE:
Except naming of included types, this definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.3.31.
EccPoint
struct {
extern PublicKeyAlgorithm
algorithm;
extern uint8
field_size;
EccPointType
type;
opaque
x[field_size];
select(type) {
case x_coordinate_only:
case compressed_lsb_y_0:
case compressed_lsb_y_1:
;
case uncompressed:
opaque
y[field_size];
unknown:
opaque
data<var>;
}
} EccPoint;
This structure defines a public key based on elliptic curve cryptography according to IEEE 1363-2000 [ 1 ], clause 5.5.6. An EccPoint encodes a coordinate on a two dimensional elliptic curve. The x coordinate of this point shall be encoded in x as an unsigned integer. Depending on the key type, the y coordinate shall be encoded case-specific:
The uint8 field_size defining the lengths of the vectors containing the raw keys shall be derived from the given algorithm and the mapping as defined in table 2 . The necessary algorithm shall be given as an external link to the parameter pk_encryption specified in the structure RecipientInfo .
|
Table
:
Derivation of field sizes
|
|
|
PublicKeyAlgorithm value |
Length in octets |
|
ecdsa_nistp256_with_sha256 |
32 |
|
ecies_nistp256 |
32 |
NOTE:
Except inclusion of all remaining elements of the enumeration EccPointType that previously matched to case
uncompressed
and inclusion of case
unknown
, this definition is identical to the EccPublicKey in IEEE 1609.2 Draft D12 [
i.2
], clause 6.2.18.
EccPointType
enum {
x_coordinate_only(0),
compressed_lsb_y_0(2),
compressed_lsb_y_1(3),
uncompressed(4),
(2^8-1)
} EccPointType;
This enumeration lists supported ECC point types.
NOTE:
This definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.2.19.
EncryptionParameters
struct {
SymmetricAlgorithm
symm_algorithm
;
select(symm_algorithm) {
case aes_128_ccm:
opaque
nonce[12];
unknown:
opaque
params<var>;
}
} EncryptionParameters;
This structure holds basic parameters and additional data required for encryption and decryption of data using different symmetric encryption algorithms. In case of aes_128_ccm a 12 octet nonce shall be given. The parameter Tlen according to NIST SP 800-38C [ 4 ] shall be set to Tlen = 128 (bits) and no associated data shall be given. In other cases the data shall be given as a variable-length vector containing opaque data. It is out of scope of this definition how resulting ciphertexts are transported. Typically, a ciphertext should be put into a Payload data structure marked as encrypted using the PayloadType .
NOTE:
This structure is not available in IEEE 1609.2 Draft D12 [
i.2
].
Signature
struct {
PublicKeyAlgorithm
algorithm;
select(algorithm) {
case ecdsa_nistp256_with_sha256:
EcdsaSignature
ecdsa_signature;
unknown:
opaque
signature<var>;
}
} Signature;
This structure defines a container that encapsulates signatures based on public key cryptography. Depending on the value of algorithm , different data structures define the algorithm-specific details:
The data in this structure can be used to verify a data structure's integrity. In conjunction with a matching SignerInfo structure, the data structure's authenticity can also be verified.
It is necessary to note the following points:
NOTE:
Except naming and full inclusion (not marked as
extern
) of the enumeration
PublicKeyAlgorithm
, this definition is identical to the one in IEEE.1609.2 Draft D12 [
i.2
], clause 6.2.15.
EcdsaSignature
struct {
extern PublicKeyAlgorithm
algorithm;
extern uint8
field_size;
EccPoint
R;
opaque
s[field_size];
} EcdsaSignature;
This structure defines the details needed to describe an ECDSA based signature. This field's length field_size is derived from the applied ECDSA algorithm using the mapping as specified in table 2 . The extern link that specifies the algorithm points to the algorithm defined in the surrounding Signature structure. R contains the x coordinate of the elliptic curve point resulting from multiplying the generator element by the ephemeral private key. The EccPointType of R shall be set to either compressed_lsb_y_0 , compressed_lsb_y_1 or x_coordinate_only .
NOTE 1:
Except naming of included type
PublicKeyAlgorithm
, this definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.2.17.
NOTE 2:
It is possible to add extra information by transferring the complete point R in a compressed form instead of only the x coordinate. This extra information may then be used for a faster signature verification algorithm as outlined in "Accelerated verification of ECDSA signatures" [
i.6
].
SignerInfo
struct {
SignerInfoType type;
select(type){
case self:
;
case certificate_digest_with_sha256:
HashedId8
digest;
case certificate:
Certificate
certificate;
case certificate_chain:
Certificate
certificates<var>;
case certificate_digest_with_other_algorithm:
PublicKeyAlgorithm
algorithm;
HashedId8
digest;
unknown:
opaque
info<var>;
}
} SignerInfo;
This structure defines how to give information about the signer of a message. The included cryptographic identity can be used in conjunction with the structure Signature to verify a message's authenticity. Depending on the value of type , the SignerInfo 's data fields shall contain the following entries:
NOTE:
Except naming, this definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.2.4.
SignerInfoType
enum {
self(0),
certificate_digest_with_sha256(1),
certificate(2),
certificate_chain(3),
certificate_digest_with_other_algorithm(4),
reserved(240..255),
(2^8-1)
} SignerInfoType;
This enumeration lists methods to describe a message's signer. Values in the range of 240 to 255 shall not be used as they are reserved for internal testing purposes.
NOTE:
This definition is similar to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.2.5, but naming and
certificate_digest_with_ecdsap224
is not supported by the present document. As a consequence, the numbering of identical elements (e.g.
certificate_chain
) differs.
HashedId8
opaque
HashedId8[8];
This value is used to identify data such as a certificate. It shall be calculated by first computing the SHA-256 hash of the input data, and then taking the least significant eight bytes from the hash output.
A canonical encoding for the EccPoint R contained in the signature field of a Certificate shall be used when calculating the SHA-256 hash from a Certificate . This canonical encoding shall temporarily replace the value of the EccPointType of the point R of the Certificate with x_coordinate_only for the hash computation.
NOTE 1:
Except naming, this definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.2.6.
NOTE 2:
The canonical encoding is used to remove the possibility of manipulating the certificate in a way that results in different
HashedId8
identifiers for the same certificate by changing the
EccPointType
. Implementations that do not use the fast verification according to "Accelerated verification of ECDSA signatures" [
i.6
] cannot detect this manipulation.
HashedId3
opaque
HashedId3[3];
This value is used to give an indication on an identifier, where real identification is not required. This can be used to request a certificate from other surrounding stations. It shall be calculated by first computing the SHA-256 hash of the input data, and then taking the least significant three bytes from the hash output. If a corresponding HashedId8 value is available, it can be calculated by truncating the longer HashedId8 to the least significant three bytes.
NOTE:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
Time32
uint32
Time32;
Time32 is an unsigned 32-bit integer, encoded in big-endian format, giving the number of International Atomic Time (TAI) seconds since 00:00:00 UTC, 01 January 2004.
NOTE 1:
The period of 2
32
seconds lasts about 136 years that is until 2140.
NOTE 2:
This definition is identical to the one in IEEE 1609.2 Draft D17 [
i.3
], clause 6.3.31.
Time64
uint64
Time64;
Time64 is a 64-bit unsigned integer, encoded in big-endian format, giving the number of International Atomic Time (TAI) microseconds since 00:00:00 UTC, 01 January 2004.
NOTE:
This definition is identical to the one in IEEE 1609.2 Draft D17 [
i.3
], clause 6.2.12.
Time64WithStandardDeviation
struct {
Time64
time;
uint8
log_std_dev;
} Time64WithStandardDeviation;
This structure defines how to encode time along with the standard deviation of time values. log_std_dev values 0 to 254 represent the rounded up value of the log to the base 1,134666 of the implementation's estimate of the standard deviation in units of nanoseconds. Values greater than 1,134666 254 nanoseconds are represented by the value 254, i.e. a day or longer. If the standard deviation is unknown, value 255 shall be used.
NOTE 1:
This definition is identical to the one in IEEE 1609.2 Draft D17 [
i.3
], clause 6.2.11.
NOTE 2:
This definition is currently unused in the security profiles in clause 7.
Duration
uint16
Duration;
This uint16 encodes the duration of a time span (e.g. a certificate's validity). The first three bits shall encode the units as given in table 3 . The remaining 13 bits shall be treated as an integer encoded.
NOTE 1:
Except naming, this definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.3.5.
NOTE 2:
This definition is currently unused in the security profiles in clause 7.
|
Table : Interpretation of duration unit bits |
|
|
Bits |
Interpretation |
|
000 |
seconds |
|
001 |
minutes (60 seconds) |
|
010 |
hours (3 600 seconds) |
|
011 |
60 hour blocks (216 000 seconds) |
|
100 |
years (31 556 925 seconds) |
|
101, 110, 111 |
undefined |
TwoDLocation
struct {
sint32
latitude;
sint32
longitude;
} TwoDLocation;
This structure defines how to specify a two dimensional location. It is used to define validity regions of a certificate. latitude and longitude encode a coordinate in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum as defined in NIMA Technical Report TR8350.2 [ 2 ].
The permitted values of latitude range from -900 000 000 to +900 000 000. The value 900 000 001 shall indicate the latitude as not being available.
The permitted values of longitude range from -1 800 000 000 to +1 800 000 000. The value 1 800 000 001 shall indicate the longitude as not being available.
NOTE:
This definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.3.18.
ThreeDLocation
struct {
sint32
latitude;
sint32
longitude;
opaque
elevation[2];
} ThreeDLocation;
This structure defines how to specify a three dimensional location.
latitude
and
longitude
encode coordinate in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum as defined in NIMA Technical
Report TR8350.2 [
2
].
The permitted values of latitude range from -900 000 000 to +900 000 000. The value 900 000 001 shall indicate the latitude as not being available.
The permitted values of longitude range from -1 800 000 000 to +1 800 000 000. The value 1 800 000 001 shall indicate the longitude as not being available.
elevation shall contain the elevation relative to the WGS-84 ellipsoid in decimetres. The value is interpreted as an asymmetric signed integer with an encoding as follows:
EXAMPLES:
0x0000 = 0 metre
0x03E8 = 100 metres
0xF7D1 = -209,5 metres (0xF001 + 0x07D0 = -409,5 metres + 200 metres).
NOTE:
This definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.2.12.
GeographicRegion
struct {
RegionType
region_type;
select(region_type){
case circle:
CircularRegion
circular_region;
case rectangle:
RectangularRegion
rectangular_region<var>;
case polygon:
PolygonalRegion
polygonal_region;
case id:
IdentifiedRegion
id_region;
case none:
;
unknown:
opaque
other_region<var>;
}
} GeographicRegion;
This structure defines how to encode geographic regions. These regions can be used to limit the validity of certificates.
In case of rectangle , the region shall consist of a variable-length vector of rectangles that may be overlapping or disjoint. The variable-length vector shall not contain more than 6 rectangles. The region covered by the rectangles shall be continuous and shall not contain holes.
NOTE:
Except inclusion of case
id
, this definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.3.13.
RegionType
enum {
none(0),
circle(1),
rectangle(2),
polygon(3),
id(4),
reserved(240..255),
(2^8-1)
} RegionType;
This enumeration lists possible region types. Values in the range of 240 to 255 shall not be used as they are reserved for internal testing purposes.
NOTE:
This definition is similar to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.3.14, but the identifier numbering differs, the region ID
id
was added and
from_issuer
removed.
CircularRegion
struct {
TwoDLocation center;
uint16 radius;
} CircularRegion;
This structure defines a circular region with radius given in metres and center at center . The region shall include all points on the reference ellipsoid's surface with a distance over surface of Earth equal to or less than the radius to the center point. For a location of type ThreeDLocation , i.e. the location contains an elevation component, the horizontal projection onto the reference ellipsoid is used to determine if the location lies within the circular region.
NOTE:
This definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.3.15.
RectangularRegion
struct {
TwoDLocation
northwest;
TwoDLocation
southeast;
} RectangularRegion;
This structure defines a rectangular region by connecting the four points in the order (northwest.latitude, northwest.longitude), (northwest.longitude, southeast.longitude), (southeast.longitude, southeast.longitude), and (southeast.longitude, northwest.longitude). If two consecutive points P and Q define a line of constant latitude or longitude from P to Q, the left side of the line is defined as being outside of the polygon and the line itself and the right side of the line to be inside the rectangular region. A rectangular region is only valid if the location northwest is north of the location southeast . For a location of type ThreeDLocation , i.e. the location contains an elevation component, the horizontal projection onto the reference ellipsoid is used to determine if the location lies within the rectangular region.
NOTE:
This definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.3.16.
PolygonalRegion
TwoDLocation
PolygonalRegion<var>;
This variable-length vector describes a region by enumerating points on the region's boundary. If two consecutively specified points P and Q define a line of constant bearing from P to Q, the left side of the line is defined as being outside of the polygon and the line itself and the right side of the line to be inside the polygon. The points shall be linked to each other, with the last point linked to the first. No intersections shall occur and at least 3 and no more than 12 points shall be given. The specified region shall be continuous and shall not contain holes. For a location of type ThreeDLocation , i.e. the location contains an elevation component, the horizontal projection onto the reference ellipsoid is used to determine if the location lies within the polygonal region.
NOTE:
This definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.3.17.
IdentifiedRegion
struct {
RegionDictionary
region_dictionary;
uint16
region_identifier;
IntX
local_region;
} IdentifiedRegion;
This structure defines a predefined geographic region determined by the region dictionary region_dictionary and the region identifier region_identifier . local_region may optionally specify a more detailed region within the region. If the whole region is meant, local_region shall be set to 0. The details of local_region are unspecified.
NOTE:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
RegionDictionary
enum {
iso_3166_1(0),
un_stats(1),
(2^8-1)
} RegionDictionary;
This enumeration lists dictionaries containing two-octet records of globally defined regions. The dictionary that corresponds to iso_3166_1 shall contain values that correspond to numeric country codes as defined in ISO 3166-1 [ 3 ]. The dictionary that corresponds to un_stats shall contain values as defined by the United Nations Statistics Division, which is a superset of ISO 3166-1 [ 3 ] including compositions of regions.
NOTE:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
Specification of security header
SecuredMessage
struct {
uint8
protocol_version;
HeaderField
header_fields<var>;
Payload
payload_field;
TrailerField
trailer_fields<var>;
} SecuredMessage;
This structure defines how to encode a generic secured message:
Further information about how to fill these variable-length vectors is given via security profiles in clause 7.
NOTE 1:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
NOTE 2:
An example for a reason to increase the
protocol_version
is a change to the epoch in clause 4.2.15 and clause 4.2.16, which leads to incompatible messages. A counterexample would be an additional header field using the
unknown
case in clause 5.4. This header field can be ignored by old implementations, if the syntax is kept identical and the versions are compatible. Hence, the
protocol_version
should not be increased.
Payload
struct {
PayloadType type;
select (type) {
case signed_external:
;
case unsecured:
case signed:
case encrypted:
case signed_and_encrypted:
unknown:
opaque
data<var>;
}
} Payload;
This structure defines how to encode payload. In case of externally signed payload, no payload data shall be given as all data is external. In this case, the external data shall be included when calculating the signature, at the position where a non-external payload would be. In all other cases, the data shall be given as a variable-length vector containing opaque data.
NOTE 1:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
NOTE 2:
Payloads of type
signed_external
are needed to add a signature in a non-intrusive way to an existing protocol stack, e.g. for extending an IPv6 stack.
PayloadType
enum {
unsecured(0),
signed(1),
encrypted(2),
signed_external(3),
signed_and_encrypted(4),
(2^8-1)
} PayloadType;
This enumeration lists the supported types of payloads.
NOTE:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
HeaderField
struct {
HeaderFieldType type;
select(type) {
case generation_time:
Time64
generation_time;
case generation_time_standard_deviation:
Time64WithStandardDeviation
generation_time_with_standard_deviation;
case expiration:
Time32
expiry_time;
case generation_location:
ThreeDLocation
generation_location;
case request_unrecognized_certificate:
HashedId3
digests<var>;
case its_aid:
IntX
its_aid;
case signer_info:
SignerInfo
signer;
case encryption_parameters:
EncryptionParameters
enc_params;
case recipient_info:
RecipientInfo
recipients<var>;
unknown:
opaque
other_header<var>;
}
} HeaderField;
This structure defines how to encode information of interest to the security layer. Its content depends on the value of type :
Furthermore, the HeaderField structure defines cryptographic information that is required for single-pass processing of the payload:
For extensibility, the structure contains a variable field:
NOTE 1:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
NOTE 2:
The
generation_time_standard_deviation
and the
expiration
header fields are currently unused in the security profiles in clause 7.
HeaderFieldType
enum {
generation_time(0),
generation_time_standard_deviation(1),
expiration(2),
generation_location(3),
request_unrecognized_certificate(4),
its_aid(5),
signer_info(128),
encryption_parameters(129),
recipient_info(130),
(2^8-1)
} HeaderFieldType;
This enumeration lists the supported types of header fields.
NOTE:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
TrailerField
struct {
TrailerFieldType
type;
select(type) {
case signature:
Signature
signature;
unkown:
opaque
security_field<var>;
}
} TrailerField;
This structure defines how to encode information used by the security layer after processing the payload. A trailer field may contain data of the following cases:
NOTE:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
TrailerFieldType
enum {
signature(1),
(2^8-1)
} TrailerFieldType;
This enumeration lists the supported types of trailer fields.
NOTE:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
RecipientInfo
struct {
HashedId8
cert_id;
PublicKeyAlgorithm
pk_encryption
;
select (pk_encryption) {
case ecies_nistp256:
EciesEncryptedKey
enc_key;
unknown:
opaque
enc_key<var>;
}
} RecipientInfo;
This structure contains information for the decryption of a message for a recipient. This information is used to distribute recipient specific data. cert_id determines the 8 octet identifier for the recipient's certificate. Depending on the value of pk_encryption , the following additional data shall be given:
NOTE:
Except naming of included type
PublicKeyAlgorithm
and full inclusion of
pk_encryption
(not
extern
), this definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.2.24.
EciesEncryptedKey
struct {
extern SymmetricAlgorithm
symm_alg
;
extern uint32
symm_key_len;
EccPoint
v;
opaque
c[symm_key_len];
opaque
t[16];
} EciesEncryptedKey;
This structure defines how to transmit an ECIES-encrypted symmetric key as defined in IEEE
Std 1363a-2004 [
i.1
]. The
EccPoint
v
contains the sender's ECC
ephemeral
key used for the Elliptic Curve Encryption Scheme. This ephemeral key
v
shall only be used once and for every encryption a new key shall be generated. The vector
c
contains the encrypted (AES) key. The vector
t
contains the authentication tag. The
symm_key_len
defines the length of vector
c
containing the encrypted (AES) key and shall be derived from the given algorithm
symm_alg
and the mapping as defined in table
4
. The necessary algorithm shall be given as an external link to the parameter
symm_algorithm
specified in the structure
EncryptionParameters
. To ensure the external link to the
SymmetricAlgorithm
symm_alg
can be resolved, this
EciesEncryptedKey
structure shall be preceded by an according
EncryptionParameters
structure.
Further parameters used for the encryption and decryption using ECIES shall be:
|
Table : Derivation of symmetric key size depending on the used algorithm |
|
|
SymmetricAlgorithm value |
Length in octets |
|
aes_128_ccm |
16 |
NOTE:
This definition is identical to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.2.25.
Specification of certificate format
Certificate
struct {
uint8
version;
SignerInfo
signer_info;
SubjectInfo
subject_info;
SubjectAttribute
subject_attributes<var>;
ValidityRestriction
validity_restrictions<var>;
Signature
signature;
} Certificate;
This structure defines how to encode a certificate.
NOTE 1:
A certificate is considered valid if the current time is within the validity period specified in the certificate, the current region is within the validity region specified in the certificate, the type of the certificate is valid for the current type of communication, the signature, which covers all fields except the signature itself, is valid, and the certificate of the signer is valid as signer for the given certificate's type. If the certificate is self-signed, it is valid if it is stored as a trusted certificate.
NOTE 2:
This definition differs substantially from the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.3.1.
SubjectInfo
struct {
SubjectType
subject_type;
opaque
subject_name<2^8-1>;
} SubjectInfo;
This structure defines how to encode information about a certificate's subject. It contains the type of information in subject_type and the information itself in the variable-length vector subject_name . The subject_name variable-length vector shall have a maximum length of 32 bytes.
NOTE:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
SubjectType
enum {
enrollment_credential(0),
authorization_ticket(1),
authorization_authority(2),
enrollment_authority(3),
root_ca(4),
crl_signer(5),
(2^8-1)
} SubjectType;
This enumeration lists the possible types of subjects:
NOTE:
This definition substantially differs from the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.3.3.
SubjectAttribute
struct {
SubjectAttributeType
type;
select(type) {
case verification_key:
case encryption_key:
PublicKey
key;
case reconstruction_value:
EccPoint
rv;
case assurance_level:
SubjectAssurance
assurance_level;
case its_aid_list:
IntX
its_aid_list<var>;
case its_aid_ssp_list:
ItsAidSsp
its_aid_ssp_list<var>;
unknown:
opaque
other_attribute<var>;
}
} SubjectAttribute;
This structure defines how to encode a subject attribute. These attributes serve the purpose of specifying the technical details of a certificate's subject. Depending on the value of type , the following additional data shall be given:
NOTE:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
SubjectAttributeType
enum {
verification_key(0),
encryption_key(1),
assurance_level(2),
reconstruction_value(3),
its_aid_list(32),
its_aid_ssp_list(33),
(2^8-1)
} SubjectAttributeType;
This enumeration lists the possible types of subject attributes.
NOTE:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
SubjectAssurance
opaque
SubjectAssurance;
This field contains the ITS-S's assurance, which denotes the ITS-S's security of both the platform and storage of secret keys as well as the confidence in this assessment.
This field shall be encoded as defined in table 5 , where "A" denotes bit fields specifying an assurance level, "R" reserved bit fields and "C" bit fields specifying the confidence.
Table 5 : Bitwise encoding of subject assurance
|
Bit number |
7 |
6 |
5 |
4 |
3 |
2 |
1 |
0 |
|
Interpretation |
A |
A |
A |
R |
R |
R |
C |
C |
In table 5 , bit number 0 denotes the least significant bit. Bit 7 to bit 5 denote the ITS-S's assurance levels, bit 4 to bit 2 are reserved for future use and bit 1 and bit 0 denote the confidence.
The specification of these assurance levels as well as the encoding of the confidence levels is outside the scope of the present document. The default (no assurance) shall be all bits set to 0.
NOTE 1:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
NOTE 2:
A process should be defined how to evaluate each implementation and how to assign a corresponding subject assurance according to the evaluation result(s). However, this process is out of scope of the present document.
ValidityRestriction
struct {
ValidityRestrictionType type;
select(type){
case time_end:
Time32
end_validity;
case time_start_and_end:
Time32
start_validity;
Time32
end_validity;
case time_start_and_duration:
Time32
start_validity;
Duration
duration;
case region:
GeographicRegion
region;
unknown:
opaque
data<var>;
}
} ValidityRestriction;
This structure defines ways to restrict the validity of a certificate depending on the value of type :
A valid certificate shall contain exactly one validity restriction of type time_end , time_start_and_end , or time_start_and_duration .
NOTE:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
ValidityRestrictionType
enum {
time_end(0),
time_start_and_end(1),
time_start_and_duration(2),
region(3),
(2^8-1)
} ValidityRestrictionType;
This enumeration lists the possible types of restrictions to a certificate's validity.
NOTE:
This definition is not available in IEEE 1609.2 Draft D12 [
i.2
].
ItsAidSsp
struct {
IntX
its_aid;
opaque
service_specific_permissions<var>;
} ItsAidSsp ;
This structure defines how to encode an ITS-AID with associated Service Specific Permissions (SSP). service_specific_permissions shall have a maximum length of 31 octets. The definition of SSPs is out of scope of the present document.
NOTE:
This definition is similar to the one in IEEE 1609.2 Draft D12 [
i.2
], clause 6.3.24, but uses different naming, a slightly more flexible encoding of the ITS-AID.
Security profiles
Security profile for CAMs
This clause defines which fields shall be included in the SecuredMessage structure for Cooperative Awareness Messages (CAMs) as well as the scope of application of cryptographic features applied to the header.
These HeaderField elements shall be included in all CAMs. With the exception of signer_info , which is encoded first, all header_field elements shall be included in ascending order according to the numbering of the enumeration of the according type structure :
The HeaderField element request_unrecognized_certificate shall be included if an ITS-S received CAMs from other ITS-Ss, which the ITS-S has never encountered before and which included only a signer_info field of type certificate_digest_with_sha256 instead of a signer_info HeaderField of type certificate . In this case, the signature of the received CAMs cannot be verified because the verification key is missing. The field digests<var> in the structure of request_unrecognized_certificate shall be filled with a list of HashedId3 elements of the missing ITS-S certificates.
NOTE 1:
HashedId3
elements can be formed by using the least significant three bytes of the corresponding
HashedId8.
None of the possible HeaderField cases shall be included more than once . All other HeaderField types defined in clause 5 shall not be used . Future HeaderField types may be included. Any other HeaderField types included shall not be used to determine the validity of the message.
A Payload element shall be included for all CAMs. This element shall be of type signed and contain the CAM payload.
These TrailerField elements shall be included in all CAMs :
NOTE 2:
Table
6
illustrates which parts of a
SecuredMessage
are taken into account when generating the signature of a message.
Table 6 : Example for the ECDSA signature generation for a SecuredMessage
|
Element |
Description |
|
SecuredMessage |
|
|
|
Covered by the signature |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Not covered by the signature |
|
|
|
|
|
|
|
|
|
|
|
ECDSA signature (r,s) |
|
|
Security profile for DENMs
This clause defines which fields shall always be included in the SecuredMessage structure for Decentralized Environmental Notification Messages (DENMs) as well as the scope of application of cryptographic features applied to the header.
These HeaderField elements shall be included in all DENMs. With the exception of signer_info, which is encoded first, all header_field elements shall be included in ascending order according to the numbering of the enumeration of the according type structure:
None of the possible HeaderField cases shall be included more than once. All other HeaderField types defined in clause 5 shall not be used. Future HeaderField types may be included. Any other HeaderField types included shall not be used to determine the validity of the message.
A Payload element shall be included for all DENMs. This element shall be of type signed and contain the DENM payload.
These TrailerField elements shall be included in all DENMs:
Generic security profile for other signed messages
This clause defines which fields shall always be included in the SecuredMessage structure for other signed messages as well as the scope of application of cryptographic features applied to the header.
These HeaderField elements shall be included. With the exception of signer_info, which is encoded first, all header_field elements shall be included in ascending order according to the numbering of the enumeration of the according type structure :
None of the possible HeaderField cases shall be included more than once . Additional HeaderField types are allowed.
A Payload element of type signed , signed_external or signed_and_encrypted shall be included.
These TrailerField elements shall be included:
Profiles for certificates
Introduction
Clause 7.4 defines which types of variable fields shall always be included in certificates.
The version field of a certificate shall be set according to clause 6.1.
The following SubjectAttribute elements shall be included:
Exactly one of the following ValidityRestriction fields shall be included:
The options time_start_and_end or time_start_and_duration should be preferred. If the signer_info is different from self , then the validity period defined by time_end , time_start_and_end or time_start_and duration shall be within the validity period of the certificate referenced by the signer_info .
A certificate shall contain a validity restriction of type region , if the certificate referenced by the signer_info contains a validity restriction of type region . Every certificate with a validity restriction of type region shall contain a region that is covered by the certificate referenced by the signer_info . For the field signer_info , exactly one of the following types shall be included:
Apart from these fields, certificate contents may be extended depending on the purpose of the certificate.
All certificates shall contain a Signature field containing a signature calculated over these fields of the Certificate data structure:
Every certificate containing an its_aid_list or its_aid_ssp_list subject attribute shall contain a subset of the permissions that are contained in the certificate referenced by the signer_info . An its_aid in an its_aid_list shall be interpreted as containing a superset of all possible service specific permissions of this its_aid .
Authorization tickets (pseudonymous certificates)
This clause defines additional aspects of authorization tickets (i.e. pseudonymous certificates) as defined in ETSI TS 102 940 [ 6 ].
For the field signer_info , exactly one of the following types shall be included:
The SubjectInfo field of the authorization ticket shall be set to these values:
These SubjectAttribute elements shall be included in addition to those specified in clause 7.4.1 for all certificates:
As ValidityRestriction field restricting the time of validity, time_start_and_end shall be included.
Enrolment credential (long-term certificates)
This clause defines additional aspects of enrolment credentials (i.e. long-term certificates) as defined in ETSI TS 102 940 [ 6 ].
For the field signer_info , exactly one of the following types shall be included:
In the SubjectInfo field of the enrolment credential, subject_type shall be set to enrollment_credential(0 ).
These SubjectAttribute elements shall be included in addition to those specified in clause 7. 4.1 for all certificates:
As ValidityRestriction field restricting the time of validity, time_start_and_end shall be included.
NOTE:
The
its_aid_ssp_list
is used for enrolment credentials to enforce that an ITS-S cannot expand its own service specific permissions in authorization tickets through manipulation of requests to the CA.
Certificate authority certificates
This clause defines additional aspects of certificate authority certificates.
The following SignerInfo fields shall be included:
In the SubjectInfo field of the CA certificate, subject_type shall be set to one of these types:
These SubjectAttribute elements shall be included in addition to those specified in clause 7. 4.1 for authorization authority and enrolment authority certificates :
As ValidityRestriction field restricting the time of validity, time_start_and_end shall be included.
NOTE:
The authorization and enrolment authority certificates contain an
its_aid_list
, because a CA should not be able to create certificates for ITS stations containing ITS-AIDs that the CA was not authorized to by the root CA.
?
Example security envelope structure for CAM
The following structure shown in table A.1 is an example security header for a CAM message. The header transports the generation time, identifies the payload as signed, and includes the hash of a certificate, that is, no full certificate is included in this case. Finally, an ECDSA NIST P-256 based signature is attached.
Table A. : An example signed header for CAM
|
Element |
Value |
Description |
Length in octets |
|
SecuredMessage |
|||
|
|
0x02 |
1 |
|
|
|
0x15 |
length: 21 octets |
1 |
|
|
0x80 |
signer_info |
1 |
|
|
0x01 |
certificate_digest_with_sha256 |
1 |
|
|
[�] |
8 |
|
|
|
0x00 |
generation_time |
1 |
|
|
[�] |
8 |
|
|
|
0x05 |
its_aid |
1 |
|
|
[�] |
ITS-AID for CAM |
1 |
|
|
payload |
||
|
|
0x01 |
signed |
1 |
|
|
0x00 |
length: 0 octets |
1 |
|
|
0 |
||
|
|
0x43 |
length: 67 octets |
1 |
|
|
0x01 |
signature |
1 |
|
|
0x00 |
ecdsa_nistp256_with_sha_256 |
1 |
|
|
|||
|
|
|||
|
|
0x00 |
x_coordinate_only |
1 |
|
|
[�] |
32 |
|
|
|
[�] |
32 |
|
|
The total size of the security header structure is 93 octets. |
|||
Example structure of a certificate
The following structure shown in table A.2 is an example of a certificate.
Table A. : An example structure of a certificate
|
Element |
Value |
Description |
Length in octets |
|
Certificate |
|||
|
|
0x02 |
1 |
|
|
|
|||
|
|
0x01 |
certificate_digest_with_sha256 |
1 |
|
|
[�] |
8 |
|
|
|
|||
|
|
0x01 |
authorization_ticket |
1 |
|
|
0x00 |
length: 0 ( no name |
1 |
|
|
0 |
||
|
|
0x2b |
length: 43 |
1 |
|
|
0x00 |
verification_key |
1 |
|
|
|||
|
|
0x00 |
ecdsa_nistp256_with_sha256 |
1 |
|
|
|||
|
|
0x02 |
compressed_lsb_y_0 |
1 |
|
|
[�] |
32 |
|
|
|
0x02 |
assurance_level |
1 |
|
|
0x83 |
level_4_confidence_3 |
1 |
|
|
0x33 |
its_aid_ssp_list |
1 |
|
|
0x04 |
length: 4 octets |
1 |
|
|
[�] |
1 |
|
|
|
0x02 |
length: 2 octets |
1 |
|
|
[�] |
2 |
|
|
|
0x09 |
length: 9 octets |
1 |
|
|
0x01 |
time_start_and_end |
1 |
|
|
[�] |
4 |
|
|
|
[�] |
4 |
|
|
|
|||
|
|
0x00 |
ecdsa_nistp256_with_sha256 |
1 |
|
|
|||
|
|
|||
|
|
0x00 |
x_coordinate_only |
1 |
|
|
[�] |
32 |
|
|
|
[�] |
32 |
|
|
The total size of this certificate is 132 octets. |
|||
?
An incoming secured message should only be accepted by the receiver if the payload of the secured message is consistent with the ITS-AID and SSP in the certificate. This consistency should be checked in two ways:
The use of ITS-AID and SSP therefore includes the following steps:
NOTE 1:
The ITS-AID and SSP are contained in the certificate, which is cryptographically authenticated and authorized by the Authorization Authority. Because of this cryptographic authentication, it is impossible for the certificate holder to change their permissions without causing cryptographic authentication to fail.
NOTE 2:
The ETSI TS 103 097 certificate format allows a certificate to contain multiple (ITS-AID, SSP) pairs. In this case, the receiving side processing is expected to know which ITS-AID is to be used in conjunction with an incoming message.
One way to make the concept of SSP future proof is to add the version number of the corresponding facility to the SSP.
The interpretation of the SSP is specific for each facility. One possible way to implement it is to use a bit map to define which permissions a sender is authorized to use.
The bit value "1" then means that the sender is authorized to use the corresponding feature and consequently the bit value "0" means that the sender is not authorized to use it.
?
|
Document history |
||
|
V1.1.1 |
April 2013 |
Publication |
|
V1.2 . 1 |
June 2015 |
Publication |
