BS EN ISO 21177:2023 – TC
$280.87
Tracked Changes. Intelligent transport systems. ITS station security services for secure session establishment and authentication between trusted devices
| Published By | Publication Date | Number of Pages |
| BSI | 2023 | 268 |
This document contains specifications for a set of ITS station security services required to ensure the authenticity of the source and integrity of information exchanged between trusted entities, i.e.: — between devices operated as bounded secured managed entities, i.e. “ITS Station Communication Units” (ITS-SCU) and “ITS station units” (ITS-SU) as specified in ISO 21217; and — between ITS-SUs (composed of one or several ITS-SCUs) and external trusted entities such as sensor and control networks. These services include the authentication and secure session establishment which are required to exchange information in a trusted and secure manner. These services are essential for many intelligent transport system (ITS) applications and services including time-critical safety applications, automated driving, remote management of ITS stations (ISO 24102-2), and roadside/infrastructure-related services.
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 1 | 30473294 |
| 153 | A-30419842 |
| 154 | undefined |
| 156 | European foreword Endorsement notice |
| 160 | Foreword |
| 161 | Introduction |
| 167 | 1 Scope 2 Normative references 3 Terms and definitions |
| 168 | 4 Abbreviated terms |
| 170 | 5 Overview 5.1 General description, relationship to transport layer security (TLS) and relationship to application specifications |
| 171 | 5.2 Goals 5.3 Architecture and functional entities |
| 176 | 5.4 Cryptomaterial handles 5.5 Session IDs and state |
| 177 | 5.6 Access control and authorization state 5.7 Application level non-repudiation 5.8 Service primitive conventions |
| 178 | 6 Process flows and sequence diagrams 6.1 General 6.2 Overview of process flows |
| 179 | 6.3 Sequence diagram conventions |
| 180 | 6.4 Configure |
| 181 | 6.5 Start session |
| 184 | 6.6 Send data |
| 187 | 6.7 Send access control PDU |
| 188 | 6.8 Receive PDU |
| 193 | 6.9 Extend session 6.9.1 Goals |
| 194 | 6.9.2 Processing 6.10 Secure connection brokering 6.10.1 Goals 6.10.2 Prerequisites |
| 195 | 6.10.3 Overview |
| 196 | 6.10.4 Detailed specification |
| 204 | 6.11 Force end session |
| 206 | 6.12 Session terminated at session layer 6.13 Deactivate |
| 207 | 6.14 Secure session example |
| 209 | 7 Security subsystem: interfaces and data types 7.1 General |
| 210 | 7.2 Access control policy and state |
| 211 | 7.3 Enhanced authentication 7.3.1 Definition and possible states 7.3.2 States for owner role enhanced authentication |
| 213 | 7.3.3 State for accessor role enhanced authentication 7.3.4 Use by access control 7.3.5 Methods for providing enhanced authentication 7.3.6 Enhanced authentication using SPAKE2 |
| 214 | 7.4 Extended authentication |
| 215 | 7.5 Security Management Information Request 7.5.1 Rationale |
| 216 | 7.5.2 General |
| 217 | 7.6 Data types 7.6.1 General 7.6.2 Imports 7.6.3 “Helper” data types |
| 218 | 7.6.4 Iso21177AccessControlPdu 7.6.5 AccessControlResult 7.6.6 ExtendedAuthPdu |
| 219 | 7.6.7 ExtendedAuthRequest 7.6.8 InnerExtendedAuthRequest 7.6.9 AtomicExtendedAuthRequest |
| 220 | 7.6.10 ExtendedAuthResponse 7.6.11 ExtendedAuthResponsePayload 7.6.12 EnhancedAuthPdu |
| 221 | 7.6.13 SpakeRequest 7.6.14 SpakeResponse 7.6.15 SpakeRequesterResponse 7.6.16 SecurityMgmtInfoPdu 7.6.17 SecurityMgmtInfoRequest |
| 222 | 7.6.18 EtsiCrlRequest 7.6.19 CertChainRequest 7.6.20 SecurityMgmtInfoResponse |
| 223 | 7.6.21 SecurityMgmtInfoErrorResponse 7.6.22 EtsiCrlResponse 7.6.23 EtsiCtlResponse 7.6.24 IeeeCrlResponse |
| 224 | 7.6.25 CertChainResponse 7.6.26 SessionExtensionPdu |
| 226 | 7.7 App-Sec Interface 7.7.1 App-Sec-Configure.request |
| 227 | 7.7.2 App-Sec-Configure.confirm 7.7.3 App-Sec-StartSession.indication 7.7.4 App-Sec-Data.request |
| 228 | 7.7.5 App-Sec-Data.confirm 7.7.6 App-Sec-Incoming.request |
| 229 | 7.7.7 App-Sec-Incoming.confirm |
| 230 | 7.7.8 App-Sec-EndSession.request 7.7.9 App-Sec-EndSession.indication |
| 231 | 7.7.10 App-Sec-Deactivate.request 7.7.11 App-Sec-Deactivate.confirm 7.7.12 App-Sec-Deactivate.indication |
| 232 | 7.8 Security subsystem internal interface 7.8.1 General 7.8.2 Sec-AuthState.request 7.8.3 Sec-AuthState.confirm |
| 233 | 8 Adaptor layer: interfaces and data types 8.1 General |
| 234 | 8.2 Data types 8.2.1 General 8.2.2 Iso21177AdaptorLayerPDU |
| 235 | 8.2.3 Apdu 8.2.4 AccessControl 8.2.5 TlsClientMsg1 8.2.6 TlsServerMsg1 8.3 App-AL Interface 8.3.1 App-AL-Data.request |
| 236 | 8.3.2 App-AL-Data.confirm 8.3.3 App-AL-Data.indication |
| 237 | 8.3.4 App-AL-EnableProxy.request |
| 239 | 8.4 Sec-AL Interface 8.4.1 Sec-AL-AccessControl.request 8.4.2 Sec-AL-AccessControl.confirm 8.4.3 Sec-AL-AccessControl.indication |
| 240 | 8.4.4 Sec-AL-EndSession.request 8.4.5 Sec-AL-EndSession.confirm 9 Secure session Services 9.1 General 9.2 App-Sess interfaces 9.2.1 App-Sess-EnableProxy.request |
| 241 | 9.3 Sec-Sess interface 9.3.1 Sec-Sess-Configure.request |
| 243 | 9.3.2 Sec-Sess-Configure.confirm 9.3.3 Sec-Sess-Start.indication |
| 244 | 9.3.4 Sec-Sess-EndSession.indication 9.3.5 Sec-Sess-Deactivate.request |
| 245 | 9.3.6 Sec-Sess-Deactivate.confirm 9.4 AL-Sess interface 9.4.1 AL-Sess-Data.request 9.4.2 AL-Sess-Data.confirm |
| 246 | 9.4.3 AL-Sess-Data.indication 9.4.4 AL-Sess-EndSession.request 9.4.5 AL-Sess-EndSession.confirm |
| 247 | 9.4.6 AL-Sess-ClientHelloProxy.request 9.4.7 AL-Sess-ClientHelloProxy.indication |
| 248 | 9.4.8 AL-Sess-ServerHelloProxy.request 9.4.9 AL-Sess-ServerHelloProxy.indication |
| 249 | 9.5 Permitted mechanisms 9.5.1 TLS 1.3 |
| 250 | 9.5.2 DTLS 1.3 |
| 251 | Annex A (informative) Usage scenarios |
| 259 | Annex B (normative) ASN.1 module |
| 260 | Annex C (normative) Session extension PDU functional type |
| 261 | Annex D (normative) Owner authorization |
| 265 | Bibliography |
Related products
-
BSI PD CEN/TR 17868:2022
Intelligent transport systems. EU-ICIP. ITS standards deliverables (2022) Published By Publication Date Number of Pages…
-
BS EN ISO 21920-3:2022 – TC
Tracked Changes. Geometrical product specifications (GPS). Surface texture: Profile – Specification operators Published By Publication…
-
BS EN ISO 8611-2:2022 – TC
Tracked Changes. Pallets for materials handling. Flat pallets – Performance requirements and selection of tests…
-
BS EN ISO 21177:2024 – TC
Tracked Changes. Intelligent transport systems. ITS station security services for secure session establishment and authentication…
-
BS EN ISO 10286:2021 – TC:2022 Edition
Tracked Changes. Gas cylinders. Vocabulary Published By Publication Date Number of Pages BSI 2022 196
-
BS EN ISO 11177:2019 – TC:2020 Edition
Tracked Changes. Vitreous and porcelain enamels. Inside and outside enamelled valves and pressure pipe fittings…
