ETSI TS 103 097 V1.2.1 (2015-06)
Intelligent Transport Systems (ITS);
Security;
Security header and certificate formats
Technical Specification
�
Reference
RTS/ITS-00531
Keywords
ITS, privacy, protocol, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2015.
All rights reserved.
DECT
TM
, PLUGTESTS
TM
, UMTS
TM
and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
3GPP
TM
and LTE
™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM
® and the GSM logo are Trade Marks registered and owned by the GSM Association.
�
Contents
Foreword 55
Modal verbs terminology 55
Introduction 55
1Scope 66
2References 66
2.1Normative references 66
2.2Informative references 66
3Definitions and abbreviations 77
3.1Definitions 77
3.2Abbreviations 77
4Basic format elements 77
4.1Presentation Language 77
4.2Specification of basic format elements 99
4.2.1IntX 99
4.2.2PublicKeyAlgorithm 99
4.2.3SymmetricAlgorithm 99
4.2.4PublicKey 99
4.2.5EccPoint 1010
4.2.6EccPointType 1111
4.2.7EncryptionParameters 1111
4.2.8Signature 1111
4.2.9EcdsaSignature 1212
4.2.10SignerInfo 1212
4.2.11SignerInfoType 1313
4.2.12HashedId8 1313
4.2.13HashedId3 1313
4.2.14Time32 1414
4.2.15Time64 1414
4.2.16Time64WithStandardDeviation 1414
4.2.17Duration 1414
4.2.18TwoDLocation 1515
4.2.19ThreeDLocation 1515
4.2.20GeographicRegion 1515
4.2.21RegionType 1616
4.2.22CircularRegion 1616
4.2.23RectangularRegion 1616
4.2.24PolygonalRegion 1717
4.2.25IdentifiedRegion 1717
4.2.26RegionDictionary 1717
5Specification of security header 1717
5.1SecuredMessage 1717
5.2Payload 1818
5.3PayloadType 1818
5.4HeaderField 1818
5.5HeaderFieldType 2020
5.6TrailerField 2020
5.7TrailerFieldType 2020
5.8RecipientInfo 2121
5.9EciesEncryptedKey 2121
6Specification of certificate format 2222
6.1Certificate 2222
6.2SubjectInfo 2323
6.3SubjectType 2323
6.4SubjectAttribute 2323
6.5SubjectAttributeType 2424
6.6SubjectAssurance 2424
6.7ValidityRestriction 2525
6.8ValidityRestrictionType 2525
6.9ItsAidSsp 2525
7Security profiles 2626
7.1Security profile for CAMs 2626
7.2Security profile for DENMs 2727
7.3Generic security profile for other signed messages 2828
7.4Profiles for certificates 2929
7.4.1Introduction 2929
7.4.2Authorization tickets (pseudonymous certificates) 3030
7.4.3Enrolment credential (long-term certificates) 3030
7.4.4Certificate authority certificates 3030
Annex A (informative):Data structure examples 3232
A.1Example security envelope structure for CAM 3232
A.2Example structure of a certificate 3333
Annex B (informative):Usage of ITS-AID and SSPs 3434
History 3535
�
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for
ETSI members and non-members
, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (
http://ipr.etsi.org
).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.
In the present document "
shall
", "
shall not
", "
should
", "
should not
", "
may
", "
need not
", "
will
", "
will not
", "
can
" and "
cannot
" are to be interpreted as described in clause 3.2 of the
ETSI Drafting Rules
(Verbal forms for the expression of provisions).
"
must
" and "
must not
" are
NOT
allowed in ETSI deliverables except when used in direct citation.
Security mechanisms for ITS consist of a number of parts. An important part for interoperability is a common format for data elements being transferred between ITS stations for security purposes.
The present document intends to provide such a format definition. A special focus is to include as much as possible from existing standards. At the same time, the major goal is simplicity and extensibility of data structures.
�
The present document specifies security header and certificate formats for Intelligent Transport Systems. These formats are defined specifically for securing G5 communication.
References are either specific (identified by date of publication and/or edition number or version number) or non‑specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference
.
NOTE:While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.
The following referenced documents are necessary for the application of the present document.
[]IEEE™ 1363-2000: "IEEE Standard Specifications For Public Key Cryptography".
[]NIMA Technical Report TR8350.2: "Department of Defense World Geodetic System 1984. Its Definition and Relationships with Local Geodetic Systems".
[]ISO 3166-1: "Codes for the representation of names of countries and their subdivisions -- Part 1: Country codes".
[]NIST SP 800-38C: "Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality".
[]IETF RFC 2246: "The TLS Protocol Version 1.0".
[]ETSI TS 102 940: "Intelligent Transport Systems (ITS); Security; ITS communications security architecture and security management".
[]ETSI TS 102 965 (V1.2.1): "Intelligent Transport Systems (ITS); Application Object Identifier (ITS-AID); Registration".
References are either specific (identified by date of publication and/or edition number or version number) or non‑specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies.
NOTE:While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.
[i.]IEEE™ 1363a-2004: "Standard Specifications For Public Key Cryptography - Amendment 1: Additional Techniques".
[i.]IEEE™ 1609.2-2012 (draft D12): "Wireless Access in Vehicular Environments - Security Services for Applications and Management Messages".
[i.]IEEE™ 1609.2-2012 (draft D17): "Wireless Access in Vehicular Environments - Security Services for Applications and Management Messages".
[i.]IEEE™ 1609.3-2010: "Wireless Access in Vehicular Environments (WAVE) - Networking Services".
[i.]Standards for Efficient Cryptography 4 (SEC 4): "Elliptic Curve Qu-Vanstone Implicit Certificate Scheme (ECQV)".
[i.]Antipa A., R. Gallant, and S. Vanstone: "Accelerated verification of ECDSA signatures", Selected Areas in Cryptography, 12th International Workshop, SAC 2005, Kingston, ON, Canada, August 11-12, 2005: Springer, 2005, pp. 307-318.
For the purposes of the present document, the following terms and definitions apply:
enumeration: set of values with distinct meaning
For the purposes of the present document, the following abbreviations apply:
AESAdvanced Encryption Standard
CACertificate Authority
CAMCooperative Awareness Message
CRLCertificate Revocation List
DENMDecentralized Environmental Notification Message
DHAESDiffie-Hellman: An Encryption Scheme
ECCElliptic Curve Cryptography
ECDSAElliptic Curve Digital Signature Algorithm
ECIES Elliptic Curve Integrated Encryption Scheme
ECQVElliptic Curve Qu-Vanstone
NOTE:Implicit Certificate Scheme.
G55,9 GHz radio communications
ITSIntelligent Transport Systems
ITS-AIDITS Application ID
ITS-SIntelligent Transport Systems Station
LSBLeast Significant Bit
NIMANational Imagery and Mapping Agency
NIST SPNational Institute of Standards and Technology, Special Publication
PSIDProvider Service Identifier
NOTE:It is a synonym for ITS-AID.
SSPService Specific Permissions
TAITemps Atomique International (International Atomic Time)
TLSTransport Layer Security
UTCUniversal Time Coordinated
WGSWorld Geodetic System
The presentation language is derived from the Internet Engineering Task Force (IETF) RFC 2246 (TLS) [5] and from IEEE 1609.2-2012 [i.2] (draft D12) and is described in table 1. The encoding of multi-byte elements of the presentation language shall always use network byte order, i.e. big endian byte order, if applicable.
NOTE:The presentation language is not formally defined. Parsing tools based on this notation cannot be guaranteed to be consistent or complete.
Table : Presentation language
Element |
Description |
Example(s) |
Variable names |
Variable names are given in lower case |
variable_name |
Basic data types |
Basic data types are given in lower case |
uint8, uint16, uint32, uint64 |
Composed data types |
Composed data types are given with at least the first letter in upper case |
MyDataType |
Comments |
Comments start with the "//" indicator |
// This is a comment |
Numbers |
Numbers are given as signed or unsigned big-endian octets |
uint8, uint16, uint32, uint64, sint32 |
Fixed-length vectors |
Fixed-length vectors have a data type and a fixed octet size given in square brackets |
uint8 Coordinates[2]; // two uint8 values uint32 Coordinates[8]; // two uint32 values |
Variable-length vectors with fixed-length length encoding |
The number in angle brackets gives the maximum number of octets. Depending on the maximum size, the first 1 byte, 2 bytes, 4 bytes or 8 bytes encode the actual field length |
uint8 AsciiChar; AsciiChar Name<2^8‑1>; // "abc" encoded as // 0x03, 0x61, 0x62, 0x63 AsciiChar LongName<2^16‑1>; // "abc" encoded as // 0x00, 0x03, 0x61, 0x62, 0x63 |
Variable-length vectors with variable-length length encoding |
<var> indicates variable-length encoding. The length itself is encoded with a number of "1" bits according to the additional number of octets used to encode the length, followed by a "0" bit and the actual length value. The maximum length shall be 256 - 1, i.e. at most seven "1" bits followed by a "0" bit shall be used for the variable-length length encoding. The length of variable-length vectors with variable-length length encoding shall be encoded as positive integer using the minimum number of bits necessary |
uint8 AsciiChar; AsciiChar Name<var>;
// encoding examples: (the bits with // grey background represent the
// Vector length 5:
// Vector length 123:
// Vector length 388: |
Opaque fields |
Opaque fields are blocks of data whose content interpretation is not further specified |
opaque fieldname[n]; opaque fieldname<n>; opaque fieldname<var>; |
Enumerations |
Enumerations are list of labels with a unique value for each label, and optionally a maximum value (which then determines length of encoding) |
enum {de(0), fr(1), it(2)} Country; enum {de(0), fr(1), it(2), (2^8‑1)} Country; // both variants encoding in one // octet enum {de(0), fr(1), it(2), (2^16‑1)} Country; // Encoding in two octets |
Constructed types |
Constructed types contain other types |
struct { Name name; Country country; } Person; |
Case statements |
Case statements are used inside constructed types to change the contents of the constructed type depending on the value of the variable given in brackets |
struct { Name name; Country country; select(country) { case de: uint8 age; case fr: AsciiChar given_name<2^8‑1>; } } Person; |
External data |
This is external data that has impact on a struct, e.g. in a select statement. It shall be described from where the external data is obtained |
struct { Name name; extern Country country; select(country) { case de: uint8 age; case fr: AsciiChar given_name<2^8‑1>; } } Person; |
int_x IntX;
This data type encodes an integer of variable length. The length of this integer is encoded by a number of 1 bits followed by a 0 bit, where the number of 1 bits is equal to the number of additional octets used to encode the integer besides those used (partially) to encode the length. The encoding of the length shall use at most 7 bits set to 1.
EXAMPLE:00001010 encodes the integer 10, while 10001000 10001000 encodes the integer 2 184. The bits encoding the length of the element are coloured with a grey background.
NOTE:This definition is similar to the definition of PSID in IEEE 1609.3-2010 [i.4], clause 8.1.3, but allows bigger values of the encoded integer.
enum {
ecdsa_nistp256_with_sha256(0),
ecies_nistp256(1),
reserved(240..255),
(2^8-1)
} PublicKeyAlgorithm;
This enumeration lists supported algorithms based on public key cryptography. Values in the range of 240 to 255 shall not be used as they are reserved for internal testing purposes.
NOTE:This definition is similar to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.2.16, but ecdsa_nistp224_with_sha224 is not supported by the present document. As a consequence, the numbering of identical elements (e.g. ecies_nistp256) differs.
enum {
aes_128_ccm (0),
reserved (240..255),
(2^8-1)
} SymmetricAlgorithm;
This enumeration lists supported algorithms based on symmetric key cryptography. Values in the range of 240 to 255 shall not be used as they are reserved for internal testing purposes. The algorithm aes_128_ccm denotes the symmetric key cryptography algorithm AES-CCM as specified in NIST SP 800-38C [4].
NOTE:Except naming, this definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.2.23.
struct {
PublicKeyAlgorithmalgorithm;
select(algorithm) {
case ecdsa_nistp256_with_sha256:
EccPoint public_key;
case ecies_nistp256:
SymmetricAlgorithmsupported_symm_alg;
EccPoint public_key;
unknown:
opaque other_key<var>;
}
} PublicKey;
This structure defines a wrapper for public keys by specifying the used algorithm and - depending on the value of algorithm - the necessary data fields:
NOTE:Except naming of included types, this definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.3.31.
struct {
extern PublicKeyAlgorithmalgorithm;
extern uint8 field_size;
EccPointType type;
opaque x[field_size];
select(type) {
case x_coordinate_only:
case compressed_lsb_y_0:
case compressed_lsb_y_1:
;
case uncompressed:
opaque y[field_size];
unknown:
opaque data<var>;
}
} EccPoint;
This structure defines a public key based on elliptic curve cryptography according to IEEE 1363-2000 [1], clause 5.5.6. An EccPoint encodes a coordinate on a two dimensional elliptic curve. The x coordinate of this point shall be encoded in x as an unsigned integer. Depending on the key type, the y coordinate shall be encoded case-specific:
The uint8 field_size defining the lengths of the vectors containing the raw keys shall be derived from the given algorithm and the mapping as defined in table 2. The necessary algorithm shall be given as an external link to the parameter pk_encryption specified in the structure RecipientInfo .
Table : Derivation of field sizes |
|
PublicKeyAlgorithm value |
Length in octets |
ecdsa_nistp256_with_sha256 |
32 |
ecies_nistp256 |
32 |
NOTE:Except inclusion of all remaining elements of the enumeration EccPointType that previously matched to case uncompressed and inclusion of case unknown, this definition is identical to the EccPublicKey in IEEE 1609.2 Draft D12 [i.2], clause 6.2.18.
enum {
x_coordinate_only(0),
compressed_lsb_y_0(2),
compressed_lsb_y_1(3),
uncompressed(4),
(2^8-1)
} EccPointType;
This enumeration lists supported ECC point types.
NOTE:This definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.2.19.
struct {
SymmetricAlgorithm symm_algorithm;
select(symm_algorithm) {
case aes_128_ccm:
opaque nonce[12];
unknown:
opaque params<var>;
}
} EncryptionParameters;
This structure holds basic parameters and additional data required for encryption and decryption of data using different symmetric encryption algorithms. In case of aes_128_ccm a 12 octet nonce shall be given. The parameter Tlen according to NIST SP 800-38C [4] shall be set to Tlen = 128 (bits) and no associated data shall be given. In other cases the data shall be given as a variable-length vector containing opaque data. It is out of scope of this definition how resulting ciphertexts are transported. Typically, a ciphertext should be put into a Payload data structure marked as encrypted using the PayloadType .
NOTE:This structure is not available in IEEE 1609.2 Draft D12 [i.2].
struct {
PublicKeyAlgorithmalgorithm;
select(algorithm) {
case ecdsa_nistp256_with_sha256:
EcdsaSignatureecdsa_signature;
unknown:
opaque signature<var>;
}
} Signature;
This structure defines a container that encapsulates signatures based on public key cryptography. Depending on the value of algorithm, different data structures define the algorithm-specific details:
The data in this structure can be used to verify a data structure's integrity. In conjunction with a matching SignerInfo structure, the data structure's authenticity can also be verified.
It is necessary to note the following points:
NOTE:Except naming and full inclusion (not marked as extern) of the enumeration PublicKeyAlgorithm, this definition is identical to the one in IEEE.1609.2 Draft D12 [i.2], clause 6.2.15.
struct {
extern PublicKeyAlgorithmalgorithm;
extern uint8 field_size;
EccPoint R;
opaque s[field_size];
} EcdsaSignature;
This structure defines the details needed to describe an ECDSA based signature. This field's length field_size is derived from the applied ECDSA algorithm using the mapping as specified in table 2. The extern link that specifies the algorithm points to the algorithm defined in the surrounding Signature structure. R contains the x coordinate of the elliptic curve point resulting from multiplying the generator element by the ephemeral private key. The EccPointType of R shall be set to either compressed_lsb_y_0, compressed_lsb_y_1 or x_coordinate_only.
NOTE 1:Except naming of included type PublicKeyAlgorithm, this definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.2.17.
NOTE 2:It is possible to add extra information by transferring the complete point R in a compressed form instead of only the x coordinate. This extra information may then be used for a faster signature verification algorithm as outlined in "Accelerated verification of ECDSA signatures" [i.6].
struct {
SignerInfoType type;
select(type){
case self:
;
case certificate_digest_with_sha256:
HashedId8 digest;
case certificate:
Certificate certificate;
case certificate_chain:
Certificate certificates<var>;
case certificate_digest_with_other_algorithm:
PublicKeyAlgorithmalgorithm;
HashedId8 digest;
unknown:
opaque info<var>;
}
} SignerInfo;
This structure defines how to give information about the signer of a message. The included cryptographic identity can be used in conjunction with the structure Signature to verify a message's authenticity. Depending on the value of type, the SignerInfo 's data fields shall contain the following entries:
NOTE:Except naming, this definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.2.4.
enum {
self(0),
certificate_digest_with_sha256(1),
certificate(2),
certificate_chain(3),
certificate_digest_with_other_algorithm(4),
reserved(240..255),
(2^8-1)
} SignerInfoType;
This enumeration lists methods to describe a message's signer. Values in the range of 240 to 255 shall not be used as they are reserved for internal testing purposes.
NOTE:This definition is similar to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.2.5, but naming and certificate_digest_with_ecdsap224 is not supported by the present document. As a consequence, the numbering of identical elements (e.g. certificate_chain) differs.
opaqueHashedId8[8];
This value is used to identify data such as a certificate. It shall be calculated by first computing the SHA‑256 hash of the input data, and then taking the least significant eight bytes from the hash output.
A canonical encoding for the EccPoint R contained in the signature field of a Certificate shall be used when calculating the SHA-256 hash from a Certificate. This canonical encoding shall temporarily replace the value of the EccPointType of the point R of the Certificate with x_coordinate_only for the hash computation.
NOTE 1:Except naming, this definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.2.6.
NOTE 2:The canonical encoding is used to remove the possibility of manipulating the certificate in a way that results in different HashedId8 identifiers for the same certificate by changing the EccPointType. Implementations that do not use the fast verification according to "Accelerated verification of ECDSA signatures" [i.6] cannot detect this manipulation.
opaqueHashedId3[3];
This value is used to give an indication on an identifier, where real identification is not required. This can be used to request a certificate from other surrounding stations. It shall be calculated by first computing the SHA‑256 hash of the input data, and then taking the least significant three bytes from the hash output. If a corresponding HashedId8 value is available, it can be calculated by truncating the longer HashedId8 to the least significant three bytes.
NOTE:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
uint32Time32;
Time32 is an unsigned 32-bit integer, encoded in big-endian format, giving the number of International Atomic Time (TAI) seconds since 00:00:00 UTC, 01 January 2004.
NOTE 1:The period of 2 32 seconds lasts about 136 years that is until 2140.
NOTE 2:This definition is identical to the one in IEEE 1609.2 Draft D17 [i.3], clause 6.3.31.
uint64Time64;
Time64 is a 64-bit unsigned integer, encoded in big-endian format, giving the number of International Atomic Time (TAI) microseconds since 00:00:00 UTC, 01 January 2004.
NOTE:This definition is identical to the one in IEEE 1609.2 Draft D17 [i.3], clause 6.2.12.
struct {
Time64time;
uint8log_std_dev;
} Time64WithStandardDeviation;
This structure defines how to encode time along with the standard deviation of time values. log_std_dev values 0 to 254 represent the rounded up value of the log to the base 1,134666 of the implementation's estimate of the standard deviation in units of nanoseconds. Values greater than 1,134666 254 nanoseconds are represented by the value 254, i.e. a day or longer. If the standard deviation is unknown, value 255 shall be used.
NOTE 1:This definition is identical to the one in IEEE 1609.2 Draft D17 [i.3], clause 6.2.11.
NOTE 2:This definition is currently unused in the security profiles in clause 7.
uint16Duration;
This uint16 encodes the duration of a time span (e.g. a certificate's validity). The first three bits shall encode the units as given in table 3. The remaining 13 bits shall be treated as an integer encoded.
NOTE 1:Except naming, this definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.3.5.
NOTE 2:This definition is currently unused in the security profiles in clause 7.
Table : Interpretation of duration unit bits |
|
Bits |
Interpretation |
000 |
seconds |
001 |
minutes (60 seconds) |
010 |
hours (3 600 seconds) |
011 |
60 hour blocks (216 000 seconds) |
100 |
years (31 556 925 seconds) |
101, 110, 111 |
undefined |
struct {
sint32latitude;
sint32longitude;
} TwoDLocation;
This structure defines how to specify a two dimensional location. It is used to define validity regions of a certificate. latitude and longitude encode a coordinate in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum as defined in NIMA Technical Report TR8350.2 [2].
The permitted values of latitude range from ‑900 000 000 to +900 000 000. The value 900 000 001 shall indicate the latitude as not being available.
The permitted values of longitude range from ‑1 800 000 000 to +1 800 000 000. The value 1 800 000 001 shall indicate the longitude as not being available.
NOTE:This definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.3.18.
struct {
sint32latitude;
sint32longitude;
opaqueelevation[2];
} ThreeDLocation;
This structure defines how to specify a three dimensional location. latitude and longitude encode coordinate in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum as defined in NIMA Technical
Report TR8350.2 [2].
The permitted values of latitude range from ‑900 000 000 to +900 000 000. The value 900 000 001 shall indicate the latitude as not being available.
The permitted values of longitude range from ‑1 800 000 000 to +1 800 000 000. The value 1 800 000 001 shall indicate the longitude as not being available.
elevation shall contain the elevation relative to the WGS-84 ellipsoid in decimetres. The value is interpreted as an asymmetric signed integer with an encoding as follows:
EXAMPLES: 0x0000 = 0 metre
0x03E8 = 100 metres
0xF7D1 = ‑209,5 metres (0xF001 + 0x07D0 = ‑409,5 metres + 200 metres).
NOTE:This definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.2.12.
struct {
RegionType region_type;
select(region_type){
case circle:
CircularRegion circular_region;
case rectangle:
RectangularRegionrectangular_region<var>;
case polygon:
PolygonalRegion polygonal_region;
case id:
IdentifiedRegionid_region;
case none:
;
unknown:
opaque other_region<var>;
}
} GeographicRegion;
This structure defines how to encode geographic regions. These regions can be used to limit the validity of certificates.
In case of rectangle, the region shall consist of a variable-length vector of rectangles that may be overlapping or disjoint. The variable-length vector shall not contain more than 6 rectangles. The region covered by the rectangles shall be continuous and shall not contain holes.
NOTE:Except inclusion of case id, this definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.3.13.
enum {
none(0),
circle(1),
rectangle(2),
polygon(3),
id(4),
reserved(240..255),
(2^8-1)
} RegionType;
This enumeration lists possible region types. Values in the range of 240 to 255 shall not be used as they are reserved for internal testing purposes.
NOTE:This definition is similar to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.3.14, but the identifier numbering differs, the region ID id was added and from_issuer removed.
struct {
TwoDLocation center;
uint16 radius;
} CircularRegion;
This structure defines a circular region with radius given in metres and center at center. The region shall include all points on the reference ellipsoid's surface with a distance over surface of Earth equal to or less than the radius to the center point. For a location of type ThreeDLocation, i.e. the location contains an elevation component, the horizontal projection onto the reference ellipsoid is used to determine if the location lies within the circular region.
NOTE:This definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.3.15.
struct {
TwoDLocationnorthwest;
TwoDLocationsoutheast;
} RectangularRegion;
This structure defines a rectangular region by connecting the four points in the order (northwest.latitude, northwest.longitude), (northwest.longitude, southeast.longitude), (southeast.longitude, southeast.longitude), and (southeast.longitude, northwest.longitude). If two consecutive points P and Q define a line of constant latitude or longitude from P to Q, the left side of the line is defined as being outside of the polygon and the line itself and the right side of the line to be inside the rectangular region. A rectangular region is only valid if the location northwest is north of the location southeast. For a location of type ThreeDLocation, i.e. the location contains an elevation component, the horizontal projection onto the reference ellipsoid is used to determine if the location lies within the rectangular region.
NOTE:This definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.3.16.
TwoDLocationPolygonalRegion<var>;
This variable-length vector describes a region by enumerating points on the region's boundary. If two consecutively specified points P and Q define a line of constant bearing from P to Q, the left side of the line is defined as being outside of the polygon and the line itself and the right side of the line to be inside the polygon. The points shall be linked to each other, with the last point linked to the first. No intersections shall occur and at least 3 and no more than 12 points shall be given. The specified region shall be continuous and shall not contain holes. For a location of type ThreeDLocation, i.e. the location contains an elevation component, the horizontal projection onto the reference ellipsoid is used to determine if the location lies within the polygonal region.
NOTE:This definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.3.17.
struct {
RegionDictionaryregion_dictionary;
uint16 region_identifier;
IntX local_region;
} IdentifiedRegion;
This structure defines a predefined geographic region determined by the region dictionary region_dictionary and the region identifier region_identifier. local_region may optionally specify a more detailed region within the region. If the whole region is meant, local_region shall be set to 0. The details of local_region are unspecified.
NOTE:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
enum {
iso_3166_1(0),
un_stats(1),
(2^8-1)
} RegionDictionary;
This enumeration lists dictionaries containing two-octet records of globally defined regions. The dictionary that corresponds to iso_3166_1 shall contain values that correspond to numeric country codes as defined in ISO 3166-1 [3]. The dictionary that corresponds to un_stats shall contain values as defined by the United Nations Statistics Division, which is a superset of ISO 3166-1 [3] including compositions of regions.
NOTE:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
struct {
uint8 protocol_version;
HeaderField header_fields<var>;
Payload payload_field;
TrailerFieldtrailer_fields<var>;
} SecuredMessage;
This structure defines how to encode a generic secured message:
Further information about how to fill these variable-length vectors is given via security profiles in clause 7.
NOTE 1:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
NOTE 2:An example for a reason to increase the protocol_version is a change to the epoch in clause 4.2.15 and clause 4.2.16, which leads to incompatible messages. A counterexample would be an additional header field using the unknown case in clause 5.4. This header field can be ignored by old implementations, if the syntax is kept identical and the versions are compatible. Hence, the protocol_version should not be increased.
struct {
PayloadType type;
select (type) {
case signed_external:
;
case unsecured:
case signed:
case encrypted:
case signed_and_encrypted:
unknown:
opaquedata<var>;
}
} Payload;
This structure defines how to encode payload. In case of externally signed payload, no payload data shall be given as all data is external. In this case, the external data shall be included when calculating the signature, at the position where a non-external payload would be. In all other cases, the data shall be given as a variable-length vector containing opaque data.
NOTE 1:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
NOTE 2:Payloads of type signed_external are needed to add a signature in a non-intrusive way to an existing protocol stack, e.g. for extending an IPv6 stack.
enum {
unsecured(0),
signed(1),
encrypted(2),
signed_external(3),
signed_and_encrypted(4),
(2^8-1)
} PayloadType;
This enumeration lists the supported types of payloads.
NOTE:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
struct {
HeaderFieldType type;
select(type) {
case generation_time:
Time64 generation_time;
case generation_time_standard_deviation:
Time64WithStandardDeviation generation_time_with_standard_deviation;
case expiration:
Time32 expiry_time;
case generation_location:
ThreeDLocation generation_location;
case request_unrecognized_certificate:
HashedId3 digests<var>;
case its_aid:
IntX its_aid;
case signer_info:
SignerInfo signer;
case encryption_parameters:
EncryptionParameters enc_params;
case recipient_info:
RecipientInfo recipients<var>;
unknown:
opaque other_header<var>;
}
} HeaderField;
This structure defines how to encode information of interest to the security layer. Its content depends on the value of type:
Furthermore, the HeaderField structure defines cryptographic information that is required for single-pass processing of the payload:
For extensibility, the structure contains a variable field:
NOTE 1:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
NOTE 2:The generation_time_standard_deviation and the expiration header fields are currently unused in the security profiles in clause 7.
enum {
generation_time(0),
generation_time_standard_deviation(1),
expiration(2),
generation_location(3),
request_unrecognized_certificate(4),
its_aid(5),
signer_info(128),
encryption_parameters(129),
recipient_info(130),
(2^8-1)
} HeaderFieldType;
This enumeration lists the supported types of header fields.
NOTE:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
struct {
TrailerFieldType type;
select(type) {
case signature:
Signature signature;
unkown:
opaque security_field<var>;
}
} TrailerField;
This structure defines how to encode information used by the security layer after processing the payload. A trailer field may contain data of the following cases:
NOTE:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
enum {
signature(1),
(2^8-1)
} TrailerFieldType;
This enumeration lists the supported types of trailer fields.
NOTE:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
struct {
HashedId8 cert_id;
PublicKeyAlgorithm pk_encryption;
select (pk_encryption) {
case ecies_nistp256:
EciesEncryptedKey enc_key;
unknown:
opaque enc_key<var>;
}
} RecipientInfo;
This structure contains information for the decryption of a message for a recipient. This information is used to distribute recipient specific data. cert_id determines the 8 octet identifier for the recipient's certificate. Depending on the value of pk_encryption, the following additional data shall be given:
NOTE:Except naming of included type PublicKeyAlgorithm and full inclusion of pk_encryption (not extern), this definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.2.24.
struct {
extern SymmetricAlgorithm symm_alg;
extern uint32 symm_key_len;
EccPoint v;
opaque c[symm_key_len];
opaque t[16];
} EciesEncryptedKey;
This structure defines how to transmit an ECIES-encrypted symmetric key as defined in IEEE
Std 1363a‑2004 [i.1]. The
EccPoint
v contains the sender's ECC ephemeral key used for the Elliptic Curve Encryption Scheme. This ephemeral key v shall only be used once and for every encryption a new key shall be generated. The vector c contains the encrypted (AES) key. The vector t contains the authentication tag. The symm_key_len defines the length of vector c containing the encrypted (AES) key and shall be derived from the given algorithm symm_alg and the mapping as defined in table 4. The necessary algorithm shall be given as an external link to the parameter
symm_algorithm
specified in the structure
EncryptionParameters
. To ensure the external link to the
SymmetricAlgorithm
symm_alg
can be resolved, this
EciesEncryptedKey
structure shall be preceded by an according
EncryptionParameters
structure.
Further parameters used for the encryption and decryption using ECIES shall be:
Table : Derivation of symmetric key size depending on the used algorithm |
|
SymmetricAlgorithm value |
Length in octets |
aes_128_ccm |
16 |
NOTE:This definition is identical to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.2.25.
struct {
uint8 version;
SignerInfo signer_info;
SubjectInfo subject_info;
SubjectAttribute subject_attributes<var>;
ValidityRestriction validity_restrictions<var>;
Signature signature;
} Certificate;
This structure defines how to encode a certificate.
NOTE 1:A certificate is considered valid if the current time is within the validity period specified in the certificate, the current region is within the validity region specified in the certificate, the type of the certificate is valid for the current type of communication, the signature, which covers all fields except the signature itself, is valid, and the certificate of the signer is valid as signer for the given certificate's type. If the certificate is self-signed, it is valid if it is stored as a trusted certificate.
NOTE 2:This definition differs substantially from the one in IEEE 1609.2 Draft D12 [i.2], clause 6.3.1.
struct {
SubjectType subject_type;
opaque subject_name<2^8-1>;
} SubjectInfo;
This structure defines how to encode information about a certificate's subject. It contains the type of information in subject_type and the information itself in the variable-length vector subject_name. The subject_name variable-length vector shall have a maximum length of 32 bytes.
NOTE:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
enum {
enrollment_credential(0),
authorization_ticket(1),
authorization_authority(2),
enrollment_authority(3),
root_ca(4),
crl_signer(5),
(2^8-1)
} SubjectType;
This enumeration lists the possible types of subjects:
NOTE:This definition substantially differs from the one in IEEE 1609.2 Draft D12 [i.2], clause 6.3.3.
struct {
SubjectAttributeTypetype;
select(type) {
case verification_key:
case encryption_key:
PublicKey key;
case reconstruction_value:
EccPoint rv;
case assurance_level:
SubjectAssuranceassurance_level;
case its_aid_list:
IntX its_aid_list<var>;
case its_aid_ssp_list:
ItsAidSsp its_aid_ssp_list<var>;
unknown:
opaque other_attribute<var>;
}
} SubjectAttribute;
This structure defines how to encode a subject attribute. These attributes serve the purpose of specifying the technical details of a certificate's subject. Depending on the value of type, the following additional data shall be given:
NOTE:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
enum {
verification_key(0),
encryption_key(1),
assurance_level(2),
reconstruction_value(3),
its_aid_list(32),
its_aid_ssp_list(33),
(2^8-1)
} SubjectAttributeType;
This enumeration lists the possible types of subject attributes.
NOTE:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
opaqueSubjectAssurance;
This field contains the ITS‑S's assurance, which denotes the ITS‑S's security of both the platform and storage of secret keys as well as the confidence in this assessment.
This field shall be encoded as defined in table 5, where "A" denotes bit fields specifying an assurance level, "R" reserved bit fields and "C" bit fields specifying the confidence.
Table 5: Bitwise encoding of subject assurance
Bit number |
7 |
6 |
5 |
4 |
3 |
2 |
1 |
0 |
Interpretation |
A |
A |
A |
R |
R |
R |
C |
C |
In table 5, bit number 0 denotes the least significant bit. Bit 7 to bit 5 denote the ITS-S's assurance levels, bit 4 to bit 2 are reserved for future use and bit 1 and bit 0 denote the confidence.
The specification of these assurance levels as well as the encoding of the confidence levels is outside the scope of the present document. The default (no assurance) shall be all bits set to 0.
NOTE 1:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
NOTE 2:A process should be defined how to evaluate each implementation and how to assign a corresponding subject assurance according to the evaluation result(s). However, this process is out of scope of the present document.
struct {
ValidityRestrictionType type;
select(type){
case time_end:
Time32 end_validity;
case time_start_and_end:
Time32 start_validity;
Time32 end_validity;
case time_start_and_duration:
Time32 start_validity;
Duration duration;
case region:
GeographicRegionregion;
unknown:
opaque data<var>;
}
} ValidityRestriction;
This structure defines ways to restrict the validity of a certificate depending on the value of type:
A valid certificate shall contain exactly one validity restriction of type time_end, time_start_and_end, or time_start_and_duration.
NOTE:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
enum {
time_end(0),
time_start_and_end(1),
time_start_and_duration(2),
region(3),
(2^8-1)
} ValidityRestrictionType;
This enumeration lists the possible types of restrictions to a certificate's validity.
NOTE:This definition is not available in IEEE 1609.2 Draft D12 [i.2].
struct {
IntX its_aid;
opaque service_specific_permissions<var>;
} ItsAidSsp;
This structure defines how to encode an ITS-AID with associated Service Specific Permissions (SSP). service_specific_permissions shall have a maximum length of 31 octets. The definition of SSPs is out of scope of the present document.
NOTE:This definition is similar to the one in IEEE 1609.2 Draft D12 [i.2], clause 6.3.24, but uses different naming, a slightly more flexible encoding of the ITS-AID.
This clause defines which fields shall be included in the SecuredMessage structure for Cooperative Awareness Messages (CAMs) as well as the scope of application of cryptographic features applied to the header.
These HeaderField elements shall be included in all CAMs. With the exception of signer_info, which is encoded first, all header_field elements shall be included in ascending order according to the numbering of the enumeration of the according type structure:
The HeaderField element request_unrecognized_certificate shall be included if an ITS-S received CAMs from other ITS-Ss, which the ITS-S has never encountered before and which included only a signer_info field of type certificate_digest_with_sha256 instead of a signer_info HeaderField of type certificate. In this case, the signature of the received CAMs cannot be verified because the verification key is missing. The field digests<var> in the structure of request_unrecognized_certificate shall be filled with a list of HashedId3 elements of the missing ITS-S certificates.
NOTE 1: HashedId3 elements can be formed by using the least significant three bytes of the corresponding HashedId8.
None of the possible HeaderField cases shall be included more than once. All other HeaderField types defined in clause 5 shall not be used. Future HeaderField types may be included. Any other HeaderField types included shall not be used to determine the validity of the message.
A Payload element shall be included for all CAMs. This element shall be of type signed and contain the CAM payload.
These TrailerField elements shall be included in all CAMs:
NOTE 2:Table 6 illustrates which parts of a SecuredMessage are taken into account when generating the signature of a message.
Table 6: Example for the ECDSA signature generation for a SecuredMessage
Element |
Description |
SecuredMessage | |
uint8 protocol_version |
Covered by the signature |
HeaderField header_fields<var> |
|
… |
|
Payload payload_fields<var> |
|
… |
|
TrailerField trailer_fields<var> |
|
TrailerFieldType type |
|
PublicKeyAlgorithm algorithm |
Not covered by the signature |
EcdsaSignature ecdsa_signature |
|
EccPoint R |
|
EccPointType type |
|
opaque x[32] |
ECDSA signature (r,s) |
opaque s[32] |
This clause defines which fields shall always be included in the SecuredMessage structure for Decentralized Environmental Notification Messages (DENMs) as well as the scope of application of cryptographic features applied to the header.
These HeaderField elements shall be included in all DENMs. With the exception of signer_info, which is encoded first, all header_field elements shall be included in ascending order according to the numbering of the enumeration of the according type structure:
None of the possible HeaderField cases shall be included more than once. All other HeaderField types defined in clause 5 shall not be used. Future HeaderField types may be included. Any other HeaderField types included shall not be used to determine the validity of the message.
A Payload element shall be included for all DENMs. This element shall be of type signed and contain the DENM payload.
These TrailerField elements shall be included in all DENMs:
This clause defines which fields shall always be included in the SecuredMessage structure for other signed messages as well as the scope of application of cryptographic features applied to the header.
These HeaderField elements shall be included. With the exception of signer_info, which is encoded first, all header_field elements shall be included in ascending order according to the numbering of the enumeration of the according type structure:
None of the possible HeaderField cases shall be included more than once. Additional HeaderField types are allowed.
A Payload element of type signed, signed_external or signed_and_encrypted shall be included.
These TrailerField elements shall be included:
Clause 7.4 defines which types of variable fields shall always be included in certificates.
The version field of a certificate shall be set according to clause 6.1.
The following SubjectAttribute elements shall be included:
Exactly one of the following ValidityRestriction fields shall be included:
The options time_start_and_end or time_start_and_duration should be preferred. If the signer_info is different from self, then the validity period defined by time_end, time_start_and_end or time_start_and duration shall be within the validity period of the certificate referenced by the signer_info.
A certificate shall contain a validity restriction of type region, if the certificate referenced by the signer_info contains a validity restriction of type region. Every certificate with a validity restriction of type region shall contain a region that is covered by the certificate referenced by the signer_info. For the field signer_info, exactly one of the following types shall be included:
Apart from these fields, certificate contents may be extended depending on the purpose of the certificate.
All certificates shall contain a Signature field containing a signature calculated over these fields of the Certificate data structure:
Every certificate containing an its_aid_list or its_aid_ssp_list subject attribute shall contain a subset of the permissions that are contained in the certificate referenced by the signer_info. An its_aid in an its_aid_list shall be interpreted as containing a superset of all possible service specific permissions of this its_aid.
This clause defines additional aspects of authorization tickets (i.e. pseudonymous certificates) as defined in ETSI TS 102 940 [6].
For the field signer_info, exactly one of the following types shall be included:
The SubjectInfo field of the authorization ticket shall be set to these values:
These SubjectAttribute elements shall be included in addition to those specified in clause 7.4.1 for all certificates:
As ValidityRestriction field restricting the time of validity, time_start_and_end shall be included.
This clause defines additional aspects of enrolment credentials (i.e. long-term certificates) as defined in ETSI TS 102 940 [6].
For the field signer_info, exactly one of the following types shall be included:
In the SubjectInfo field of the enrolment credential, subject_type shall be set to enrollment_credential(0).
These SubjectAttribute elements shall be included in addition to those specified in clause 7.4.1 for all certificates:
As ValidityRestriction field restricting the time of validity, time_start_and_end shall be included.
NOTE:The its_aid_ssp_list is used for enrolment credentials to enforce that an ITS-S cannot expand its own service specific permissions in authorization tickets through manipulation of requests to the CA.
This clause defines additional aspects of certificate authority certificates.
The following SignerInfo fields shall be included:
In the SubjectInfo field of the CA certificate, subject_type shall be set to one of these types:
These SubjectAttribute elements shall be included in addition to those specified in clause 7.4.1 for authorization authority and enrolment authority certificates:
As ValidityRestriction field restricting the time of validity, time_start_and_end shall be included.
NOTE:The authorization and enrolment authority certificates contain an its_aid_list, because a CA should not be able to create certificates for ITS stations containing ITS-AIDs that the CA was not authorized to by the root CA.
�
The following structure shown in table A.1 is an example security header for a CAM message. The header transports the generation time, identifies the payload as signed, and includes the hash of a certificate, that is, no full certificate is included in this case. Finally, an ECDSA NIST P-256 based signature is attached.
Table A.: An example signed header for CAM
Element |
Value |
Description |
Length in octets |
SecuredMessage | |||
uint8 protocol_version |
0x02 |
1 |
|
HeaderField header_fields<var> |
0x15 |
length: 21 octets |
1 |
HeaderFieldType type |
0x80 |
signer_info |
1 |
SignerInfoType signer_info |
0x01 |
certificate_digest_with_sha256 |
1 |
HashedId8 digest |
[…] |
8 |
|
HeaderFieldType type |
0x00 |
generation_time |
1 |
Time64 generation_time |
[…] |
8 |
|
HeaderFieldType type |
0x05 |
its_aid |
1 |
IntX its_aid |
[…] |
ITS-AID for CAM |
1 |
Payload payload_field |
payload | ||
PaylodType payload_type |
0x01 |
signed |
1 |
opaque data<var> |
0x00 |
length: 0 octets |
1 |
[raw payload data] |
0 |
||
TrailerField trailer_fields<var> |
0x43 |
length: 67 octets |
1 |
TrailerFieldType type |
0x01 |
signature |
1 |
PublicKeyAlgorithm algorithm |
0x00 |
ecdsa_nistp256_with_sha_256 |
1 |
EcdsaSignature ecdsa_signature | |||
EccPoint R | |||
EccPointType type |
0x00 |
x_coordinate_only |
1 |
opaque x[32] |
[…] |
32 |
|
opaque s[32] |
[…] |
32 |
|
The total size of the security header structure is 93 octets. |
The following structure shown in table A.2 is an example of a certificate.
Table A.: An example structure of a certificate
Element |
Value |
Description |
Length in octets |
Certificate | |||
uint8 version |
0x02 |
1 |
|
SignerInfo signer_info | |||
SignerInfoType type |
0x01 |
certificate_digest_with_sha256 |
1 |
HashedId8 digest |
[…] |
8 |
|
SubjectInfo subject_info | |||
SubjectType type |
0x01 |
authorization_ticket |
1 |
opaque subject_name<var> |
0x00 |
length: 0 ( no name |
1 |
[subject name] |
0 |
||
SubjectAttribute subject_attributes<var> |
0x2b |
length: 43 |
1 |
SubjectAttributeType type |
0x00 |
verification_key |
1 |
PublicKey key | |||
PublicKeyAlgorithm algorithm |
0x00 |
ecdsa_nistp256_with_sha256 |
1 |
EccPoint public_key | |||
EccPointType type |
0x02 |
compressed_lsb_y_0 |
1 |
opaque x[32] |
[…] |
32 |
|
SubjectAttributeType type |
0x02 |
assurance_level |
1 |
SubjectAssurance assurance_level |
0x83 |
level_4_confidence_3 |
1 |
SubjectAttributeType type |
0x33 |
its_aid_ssp_list |
1 |
ItsAidSsp its_aid_ssp_list<var> |
0x04 |
length: 4 octets |
1 |
IntX its_aid |
[…] |
1 |
|
opaque service_specific_permissions<var> |
0x02 |
length: 2 octets |
1 |
[service specific permissions] |
[…] |
2 |
|
ValidityRestriction validity_restrictions<var> |
0x09 |
length: 9 octets |
1 |
ValidityRestrictionType type |
0x01 |
time_start_and_end |
1 |
Time32 start_validity |
[…] |
4 |
|
Time32 end_validity |
[…] |
4 |
|
Signature signature | |||
PublicKeyAlgorithm algorithm |
0x00 |
ecdsa_nistp256_with_sha256 |
1 |
EcdsaSignature ecdsa_signature | |||
EccPoint R | |||
EccPointType type |
0x00 |
x_coordinate_only |
1 |
opaque x[32] |
[…] |
32 |
|
opaque s[32] |
[…] |
32 |
|
The total size of this certificate is 132 octets. |
�
An incoming secured message should only be accepted by the receiver if the payload of the secured message is consistent with the ITS-AID and SSP in the certificate. This consistency should be checked in two ways:
The use of ITS-AID and SSP therefore includes the following steps:
NOTE 1:The ITS-AID and SSP are contained in the certificate, which is cryptographically authenticated and authorized by the Authorization Authority. Because of this cryptographic authentication, it is impossible for the certificate holder to change their permissions without causing cryptographic authentication to fail.
NOTE 2:The ETSI TS 103 097 certificate format allows a certificate to contain multiple (ITS-AID, SSP) pairs. In this case, the receiving side processing is expected to know which ITS-AID is to be used in conjunction with an incoming message.
One way to make the concept of SSP future proof is to add the version number of the corresponding facility to the SSP.
The interpretation of the SSP is specific for each facility. One possible way to implement it is to use a bit map to define which permissions a sender is authorized to use.
The bit value "1" then means that the sender is authorized to use the corresponding feature and consequently the bit value "0" means that the sender is not authorized to use it.
�
Document history |
||
V1.1.1 |
April 2013 |
Publication |
V1.2.1 |
June 2015 |
Publication |