IEEE 1609.2-2022

$106.17

IEEE Standard for Wireless Access in Vehicular Environments–Security Services for Application and Management Messages (Approved Draft)

Published By	Publication Date	Number of Pages
IEEE	2022	349

Guaranteed Safe Checkout

Category: IEEE

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

Description

Revision Standard – Active. Secure message formats and processing for use by Wireless Access in Vehicular Environments (WAVE) devices are defined in this standard, including methods to secure WAVE management messages and methods to secure application messages. Administrative functions necessary to support the core security functions are also described.

PDF Catalog

PDF Pages	PDF Title
1	IEEE Std 1609.2-2022 Front Cover
2	Title page
4	Notice and Disclaimer of Liability Concerning the Use of IEEE Standards Documents
5	Translations Official statements Comments on standards Laws and regulations Data privacy
6	Copyrights Photocopies Updating of IEEE Standards documents Errata Patents
7	IMPORTANT NOTICE
8	Participants
9	Introduction
10	Contents
12	1. Overview 1.1 Scope 1.2 Purpose
13	1.3 Word usage 1.4 Document organization 1.5 Document conventions
14	1.6 Testing considerations 2. Normative references
15	3. Definitions, abbreviations, and acronyms 3.1 Definitions
24	3.2 Abbreviations and acronyms
26	4. General description 4.1 WAVE protocol stack overview 4.1.1 General
29	4.1.2 Terminology—information flow and information subflow
30	4.2 Secure data service (SDS) 4.2.1 Security services protocol data units (SPDUs) 4.2.2 Secure data service 4.2.2.1 SDEE identifier 4.2.2.2 Generate SPDUs 4.2.2.2.1 Types of SPDUs 4.2.2.2.2 Unsecured SPDUs 4.2.2.2.3 Signed SPDUs
31	4.2.2.2.4 Encrypted SPDUs
32	4.2.2.2.5 Signed certificate request 4.2.2.2.6 Signed X.509 certificate request
33	4.2.2.2.7 SPDU with multiple layers of cryptographic protection 4.2.2.3 Processing received SPDUs 4.2.2.3.1 Preprocessing 4.2.2.3.2 Verifying signed SPDUs
34	4.2.2.3.3 Decrypting encrypted SPDUs 4.2.3 Cryptomaterial
35	4.2.4 Peer-to-peer certificate distribution 4.2.5 IEEE 1609.2 security profile 4.2.6 Support for privacy via distinct signing certificates
36	4.3 Security services management entity (SSME) 4.3.1 General
38	4.3.2 Peer-to-peer certificate distribution 4.4 Behavior of SDEEs 5. Cryptographic operations and validity 5.1 Certificate validity 5.1.1 Certificate contents
40	5.1.2 Certificate chain 5.1.2.1 Certificate chain construction
43	5.1.2.2 Maximum supported certificate chain length 5.1.2.3 Cryptographic validity of a chain
44	5.1.2.4 Consistency of permissions within a certificate chain
47	5.1.2.5 Trustworthiness of a certificate chain
48	5.1.3 Revocation and expiry 5.1.3.1 General
49	5.1.3.2 Determining which revocation information applies to a given certificate
50	5.1.3.3 Identification of CRACA certificate
51	5.1.3.4 Linkage-based revocation information 5.1.3.4.1 General
52	5.1.3.4.2 Individual linkage data with two seeds
53	5.1.3.4.3 Individual linkage data with a single seed
55	5.1.3.4.4 Group linkage data with two seeds
56	5.1.3.4.5 Group linkage data with a single seed
58	5.1.3.4.6 Seed evolution function for SHA-256 5.1.3.4.7 Seed evolution function for SM3 5.1.3.4.8 Seed expansion function for AES-128 5.1.3.4.9 Seed expansion function for SM4 5.1.3.5 Hash ID-based revocation information
59	5.1.3.6 Dubious certificates
60	5.2 Signed SPDU validity 5.2.1 General
62	5.2.2 PDU functional type
63	5.2.3 Local estimates of time and location 5.2.4 Identified regions
64	5.2.5 Data encapsulation approaches
65	5.2.6 Consistency conditions 5.2.6.1 General
66	5.2.6.2 Global consistency conditions 5.2.6.2.1 General
67	5.2.6.2.2 Signature verification 5.2.6.2.3 Consistency between signed SPDU and signing certificate
69	5.2.6.2.4 Internal consistency in signed SPDU 5.2.6.3 SDEE-specific consistency conditions 5.2.6.3.1 General 5.2.6.3.2 Consistency between PSID in signed SPDU and PSID derived from context
70	5.2.6.3.3 SDEE-specific consistency conditions: Future information
71	5.2.6.4 Consistency of SPDU payload 5.2.6.4.1 Consistency between SPDU payload and permissions: Service Specific Permissions 5.2.6.4.2 Consistency between SPDU data and certificate: Asserted data
74	5.2.6.4.3 Consistency between SPDU payload and permissions: Geographic information
76	5.2.7 Relevance conditions 5.2.7.1 General 5.2.7.2 SDS-verified relevance conditions 5.2.7.2.1 General
77	5.2.7.2.2 Generation time too far in the past
78	5.2.7.2.3 Generation time in the future 5.2.7.2.4 Expiry time 5.2.7.2.5 Relevance location too distant
79	5.2.7.2.6 Replay 5.2.7.2.7 Certificate expiry 5.2.7.3 SDEE-verified relevance conditions (informative)
80	5.2.8 Supported critical information fields
81	5.3 Cryptographic operations 5.3.1 Signature algorithms 5.3.1.1 General 5.3.1.2 ECDSA 5.3.1.2.1 General
82	5.3.1.2.2 Hashing data for use with ECDSA 5.3.1.3 SM2
83	5.3.2 Implicit certificates
84	5.3.3 Hash algorithms: SHA-256, SHA-384, SM3 5.3.4 Encrypted data 5.3.4.1 General
85	5.3.4.2 Data encryption
86	5.3.4.3 Data encryption key encryption 5.3.5 Public key encryption algorithms 5.3.5.1 ECIES
87	5.3.5.2 SM2 encryption
88	5.3.6 Keypair generation 5.3.7 Keypair validity 5.3.8 Symmetric algorithms: AES and SM4 in CCM Mode
89	5.3.9 Identification of encoded data structures by their hash value 5.3.9.1 Background
90	5.3.9.2 SignerIdentifier and IssuerIdentifier: Whole-certificate hash 5.3.9.3 PreSharedKeyRecipientInfo 5.3.9.4 SymmRecipientInfo 5.3.9.5 PKRecipientInfo
91	6. Data structures 6.1 Presentation and encoding 6.1.1 ASN.1 and encoding rules 6.1.2 Canonicalization
92	6.2 Basic types
93	6.3 Security services protocol data units (SPDUs) 6.3.1 General 6.3.2 Ieee1609Dot2Data
94	6.3.3 Ieee1609Dot2Content 6.3.4 SignedData
95	6.3.5 HashAlgorithm 6.3.6 ToBeSignedData
96	6.3.7 SignedDataPayload 6.3.8 HashedData
97	6.3.9 HeaderInfo
98	6.3.10 Psid 6.3.11 Time64
99	6.3.12 ThreeDLocation 6.3.13 Latitude 6.3.14 Longitude
100	6.3.15 Elevation 6.3.16 MissingCrlIdentifier 6.3.17 CrlSeries 6.3.18 EncryptionKey
101	6.3.19 SymmetricEncryptionKey 6.3.20 PublicEncryptionKey 6.3.21 SymmAlgorithm 6.3.22 BasePublicEncryptionKey
102	6.3.23 EccP256CurvePoint 6.3.24 EccP384CurvePoint
103	6.3.25 PduFunctionalType 6.3.26 ContributedExtensionBlocks 6.3.27 ContributedExtensionBlock
104	6.3.28 IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION 6.3.29 Ieee1609Dot2HeaderInfoContributedExtensions 6.3.30 HeaderInfoContributorId
105	6.3.31 SignerIdentifier
106	6.3.32 HashedId3 6.3.33 HashedId8 6.3.34 HashedId10
107	6.3.35 HashedId32 6.3.36 HashedId48
108	6.3.37 Signature 6.3.38 EcdsaP256Signature
109	6.3.39 EcdsaP384Signature
110	6.3.40 EcsigP256Signature 6.3.41 EncryptedData
111	6.3.42 RecipientInfo
112	6.3.43 PreSharedKeyRecipientInfo 6.3.44 SymmRecipientInfo 6.3.45 PKRecipientInfo
113	6.3.46 EncryptedDataEncryptionKey 6.3.47 EciesP256EncryptedKey 6.3.48 EcencP256EncryptedKey
114	6.3.49 SymmetricCiphertext 6.3.50 One28BitCcmCiphertext
115	6.3.51 Countersignature 6.4 Certificates and other security management data structures 6.4.1 General 6.4.2 Certificate
116	6.4.3 CertificateBase 6.4.4 CertificateType
117	6.4.5 ImplicitCertificate 6.4.6 ExplicitCertificate 6.4.7 IssuerIdentifier
118	6.4.8 ToBeSignedCertificate
121	6.4.9 CertificateId
122	6.4.10 LinkageData 6.4.11 LinkageValue 6.4.12 GroupLinkageValue 6.4.13 Hostname 6.4.14 ValidityPeriod 6.4.15 Time32
123	6.4.16 Duration 6.4.17 GeographicRegion
124	6.4.18 CircularRegion 6.4.19 TwoDLocation 6.4.20 RectangularRegion
125	6.4.21 PolygonalRegion 6.4.22 IdentifiedRegion
126	6.4.23 UnCountryId 6.4.24 CountryAndRegions
127	6.4.25 CountryAndSubregions
128	6.4.26 RegionAndSubregions
129	6.4.27 SubjectAssurance 6.4.28 PsidSsp
130	6.4.29 ServiceSpecificPermissions
131	6.4.30 BitmapSsp 6.4.31 PsidGroupPermissions
132	6.4.32 SubjectPermissions
133	6.4.33 EndEntityType 6.4.34 PsidSspRange 6.4.35 SspRange
134	6.4.36 BitmapSspRange
135	6.4.37 SequenceOfAppExtensions 6.4.38 AppExtension 6.4.39 SequenceOfCertIssueExtensions 6.4.40 CertIssueExtension
136	6.4.41 SequenceOfCertRequestExtensions 6.4.42 CertRequestExtension 6.4.43 CERT-EXT-TYPE
137	6.4.44 OperatingOrganizationId 6.4.45 instanceOperatingOrganizationCertExtensions 6.4.46 SetCertExtensions
138	6.4.47 VerificationKeyIndicator 6.4.48 PublicVerificationKey
139	6.5 HeaderInfo extension base 6.5.1 General 6.5.2 Extension 6.5.3 EXT-TYPE 6.5.4 ExtId 6.5.5 Ieee1609ContributedHeaderInfoExtension 6.5.6 Ieee1609HeaderInfoExtensionId
140	6.5.7 Ieee1609HeaderInfoExtensions 6.6 Contributed HeaderInfo extensions 6.6.1 General 6.6.2 ETSI TS 103097 6.6.2.1 EtsiOriginatingHeaderInfoExtension 6.6.2.2 EtsiTs103097HeaderInfoExtensions 6.6.2.3 EtsiTs102941CrlRequest 6.6.2.4 etsiTs102941CrlRequestId 6.6.2.5 EtsiTs102941DeltaCtlRequest
141	6.6.2.6 etsiTs102941DeltaCtlRequestId 7. Certificate revocation lists (CRLs) and the CRL Verification Entity 7.1 General 7.2 CRL Verification Entity specification
142	7.3 Data structures 7.3.1 General 7.3.2 CrlContents
143	7.3.3 TypeSpecificCrlContents
145	7.3.4 CrlPriorityInfo 7.3.5 ToBeSignedHashIdCrl 7.3.6 HashBasedRevocationInfo
146	7.3.7 ToBeSignedLinkageValueCrl 7.3.8 ToBeSignedLinkageValueCrlWithAlgIdentifier
147	7.3.9 JmaxGroup 7.3.10 LAGroup
148	7.3.11 ImaxGroup 7.3.12 IndividualRevocation
149	7.3.13 GroupCrlEntry 7.3.14 LaId 7.3.15 LinkageSeed 7.3.16 ExpansionAlgorithmIdentifier
150	7.3.17 GroupSingleSeedCrlEntry 7.3.18 SeedEvolutionFunctionIdentifier 7.3.19 LvGenerationFunctionIdentifier 7.4 CRL: IEEE 1609.2 Security envelope 7.4.1 General 7.4.2 Consistency criteria
151	7.4.3 Service Specific Permissions and associated consistency criteria 7.4.3.1 General 7.4.3.2 CrlSsp 7.4.3.3 CracaType 7.4.3.4 PermissibleCrls
152	7.4.4 CRL security profile 7.4.4.1 IEEE 1609.2 security profile identification 7.4.4.2 Sending
153	7.4.4.3 Receiving
154	7.4.4.4 Security management 7.4.5 ASN.1 7.4.5.1 General 7.4.5.2 CrlPsid 7.4.5.3 SecuredCrl
155	8. Peer-to-peer certificate distribution (P2PCD) 8.1 General
156	8.2 P2PCD operations 8.2.1 General
158	8.2.2 Functional entities
160	8.2.3 Relationship between trigger and requester SDEEs
161	8.2.4 Configuration parameters within SSME
162	8.2.5 Operations 8.2.5.1 Requester role 8.2.5.1.1 Separate certificate PDU
166	8.2.5.1.2 Inline certificate 8.2.5.2 Responder role 8.2.5.2.1 General
167	8.2.5.2.2 Separate certificate PDU
168	8.2.5.2.3 Inline certificate
169	8.2.6 SDEE specification considerations 8.2.7 Conformance
170	8.3 P2PCD Entity specification 8.3.1 General 8.3.2 Use within WSMP 8.4 Data structures 8.4.1 P2PCD response message 8.4.1.1 ASN.1 8.4.1.1.1 Ieee1609dot2Peer2PeerPDU
171	8.4.1.1.2 CaCertP2pPDU 8.4.1.2 Encoding 8.4.2 P2PCD learning request data types
172	9. Service primitives and functions 9.1 General comments and conventions
174	9.2 Identifiers used in the interface specification 9.2.1 SDEE identifier 9.2.2 Cryptomaterial Handles 9.2.2.1 General
175	9.2.2.2 States
176	9.2.2.3 Initialization 9.2.2.4 Transition to Keypair Only state
177	9.2.2.5 Transition to Key and Certificate state
178	9.2.2.6 Deletion
179	9.2.3 Symmetric Cryptomaterial Handles 9.2.3.1 General 9.2.3.2 State
180	9.2.3.3 Initialization 9.3 Sec SAP 9.3.1 Sec-CryptomaterialHandle 9.3.1.1 Sec-CryptomaterialHandle.request 9.3.1.1.1 Function 9.3.1.1.2 Semantics of the service primitive 9.3.1.1.3 When generated 9.3.1.1.4 Effect of receipt
181	9.3.1.2 Sec-CryptomaterialHandle.confirm 9.3.1.2.1 Function 9.3.1.2.2 Semantics of the service primitive 9.3.1.2.3 When generated 9.3.1.2.4 Effect of receipt 9.3.2 Sec-CryptomaterialHandle-GenerateKeyPair 9.3.2.1 Sec-CryptomaterialHandle-GenerateKeyPair.request 9.3.2.1.1 Function 9.3.2.1.2 Semantics of the service primitive
182	9.3.2.1.3 When generated 9.3.2.1.4 Effect of receipt 9.3.2.2 Sec-CryptomaterialHandle-GenerateKeyPair.confirm 9.3.2.2.1 Function 9.3.2.2.2 Semantics of the service primitive 9.3.2.2.3 When generated
183	9.3.2.2.4 Effect of receipt 9.3.3 Sec-CryptomaterialHandle-StoreKeyPair 9.3.3.1 Sec-CryptomaterialHandle-StoreKeyPair.request 9.3.3.1.1 Function 9.3.3.1.2 Semantics of the service primitive 9.3.3.1.3 When generated 9.3.3.1.4 Effect of receipt
184	9.3.3.2 Sec-CryptomaterialHandle-StoreKeyPair.confirm 9.3.3.2.1 Function 9.3.3.3 Semantics of the service primitive 9.3.3.3.1 When generated 9.3.3.3.2 Effect of receipt 9.3.4 Sec-CryptomaterialHandle-StoreCertificate 9.3.4.1 Sec-CryptomaterialHandle-StoreCertificate.request 9.3.4.1.1 Function 9.3.4.1.2 Semantics of the service primitive
185	9.3.4.1.3 When generated 9.3.4.1.4 Effect of receipt 9.3.4.2 Sec-CryptomaterialHandle-StoreCertificate.confirm 9.3.4.2.1 Function 9.3.4.2.2 Semantics of the service primitive
186	9.3.4.2.3 When generated 9.3.4.2.4 Effect of receipt 9.3.5 Sec-StoreCertificateAndKey 9.3.5.1 Sec-CryptomaterialHandle-StoreCertificateAndKey.request 9.3.5.1.1 Function 9.3.5.1.2 Semantics of the service primitive 9.3.5.1.3 When generated 9.3.5.1.4 Effect of receipt
187	9.3.5.2 Sec-CryptomaterialHandle-StoreCertificateAndKey.confirm 9.3.5.2.1 Function 9.3.5.2.2 Semantics of the service primitive 9.3.5.2.3 When generated 9.3.5.2.4 Effect of receipt 9.3.6 Sec-CryptomaterialHandle-Delete 9.3.6.1 Sec-CryptomaterialHandle-Delete.request 9.3.6.1.1 Function
188	9.3.6.1.2 Semantics of the service primitive 9.3.6.1.3 When generated 9.3.6.1.4 Effect of receipt 9.3.6.2 Sec-CryptomaterialHandle-Delete.confirm 9.3.6.2.1 Function 9.3.6.2.2 Semantics of the service primitive 9.3.6.2.3 When generated 9.3.6.2.4 Effect of receipt
189	9.3.7 Sec-SymmetricCryptomaterialHandle 9.3.7.1 Sec-SymmetricCryptomaterialHandle.request 9.3.7.1.1 Function 9.3.7.1.2 Semantics of the service primitive 9.3.7.1.3 When generated 9.3.7.1.4 Effect of receipt 9.3.7.2 Sec-SymmetricCryptomaterialHandle.confirm 9.3.7.2.1 Function
190	9.3.7.2.2 Semantics of the service primitive 9.3.7.2.3 When generated 9.3.7.2.4 Effect of receipt 9.3.8 Sec-SymmetricCryptomaterialHandle-HashedId8 9.3.8.1 Sec-SymmetricCryptomaterialHandle-HashedId8.request 9.3.8.1.1 Function 9.3.8.1.2 Semantics of the service primitive
191	9.3.8.1.3 When generated 9.3.8.1.4 Effect of receipt 9.3.8.2 Sec-SymmetricCryptomaterialHandle-HashedId8.confirm 9.3.8.2.1 Function 9.3.8.2.2 Semantics of the service primitive 9.3.8.2.3 When generated 9.3.8.2.4 Effect of receipt 9.3.8.3 Sec-SymmetricCryptomaterialHandle-Delete.request 9.3.8.3.1 Function
192	9.3.8.3.2 Semantics of the service primitive 9.3.8.3.3 When generated 9.3.8.3.4 Effect of receipt 9.3.8.4 Sec-SymmetricCryptomaterialHandle-Delete.confirm 9.3.8.4.1 Function 9.3.8.4.2 Semantics of the service primitive 9.3.8.4.3 When generated 9.3.8.4.4 Effect of receipt 9.3.9 Sec-SignedData 9.3.9.1 Sec-SignedData.request 9.3.9.1.1 Function
193	9.3.9.1.2 Semantics of the service primitive
194	9.3.9.1.3 When generated 9.3.9.1.4 Effect of receipt
195	9.3.9.2 Sec-SignedData.confirm 9.3.9.2.1 Function 9.3.9.2.2 Semantics of the service primitive
196	9.3.9.2.3 When generated
197	9.3.9.2.4 Effect of receipt
198	9.3.10 Sec-EncryptedData 9.3.10.1 Sec-EncryptedData.request 9.3.10.1.1 Function 9.3.10.1.2 Semantics of the service primitive
199	9.3.10.1.3 When generated 9.3.10.1.4 Effect of receipt 9.3.10.2 Sec-EncryptedData.confirm 9.3.10.2.1 Function 9.3.10.2.2 Semantics of the service primitive
200	9.3.10.2.3 When generated
201	9.3.10.2.4 Effect of receipt 9.3.11 Sec-SecureDataPreprocessing 9.3.11.1 Sec-SecureDataPreprocessing.request 9.3.11.1.1 Function 9.3.11.1.2 Semantics of the service primitive 9.3.11.1.3 When generated 9.3.11.1.4 Effect of receipt
202	9.3.11.2 Sec-SecureDataPreprocessing.confirm 9.3.11.2.1 Function 9.3.11.2.2 Semantics of the service primitive
203	9.3.11.2.3 When generated 9.3.11.2.4 Effect of receipt 9.3.12 Sec-SignedDataVerification 9.3.12.1 Sec-SignedDataVerification.request 9.3.12.1.1 Function
204	9.3.12.1.2 Semantics of the service primitive
206	9.3.12.1.3 When generated 9.3.12.1.4 Effect of receipt 9.3.12.2 Sec-SignedDataVerification.confirm 9.3.12.2.1 Function 9.3.12.2.2 Semantics of the service primitive
208	9.3.12.2.3 When generated
210	9.3.12.2.4 Effect of receipt
211	9.3.13 Sec-EncryptedDataDecryption 9.3.13.1 Sec-EncryptedDataDecryption.request 9.3.13.1.1 Function 9.3.13.1.2 Semantics of the service primitive 9.3.13.1.3 When generated 9.3.13.1.4 Effect of receipt
212	9.3.13.2 Sec-EncryptedDataDecryption.confirm 9.3.13.2.1 Function 9.3.13.2.2 Semantics of the service primitive
213	9.3.13.2.3 When generated 9.3.13.2.4 Effect of receipt
214	9.4 SSME SAP 9.4.1 SSME-CertificateInfo 9.4.1.1 SSME-CertificateInfo.request 9.4.1.1.1 Function 9.4.1.1.2 Semantics of the service primitive 9.4.1.1.3 When generated 9.4.1.1.4 Effect of receipt 9.4.1.2 SSME-CertificateInfo.confirm 9.4.1.2.1 Function
215	9.4.1.2.2 Semantics of the service primitive
216	9.4.1.2.3 When generated
217	9.4.1.2.4 Effect of receipt 9.4.2 SSME-AddTrustAnchor 9.4.2.1 SSME-AddTrustAnchor.request 9.4.2.1.1 Function 9.4.2.1.2 Semantics of the service primitive
218	9.4.2.1.3 When generated 9.4.2.1.4 Effect of receipt 9.4.2.2 SSME-AddTrustAnchor.confirm 9.4.2.2.1 Function 9.4.2.2.2 Semantics of the service primitive 9.4.2.2.3 When generated
219	9.4.2.2.4 Effect of receipt 9.4.3 SSME-AddCertificate 9.4.3.1 SSME-AddCertificate.request 9.4.3.1.1 Function 9.4.3.1.2 Semantics of the service primitive 9.4.3.1.3 When generated 9.4.3.1.4 Effect of receipt
220	9.4.3.1.5 Effect of receipt 9.4.3.2 SSME-AddCertificate.confirm 9.4.3.2.1 Function 9.4.3.2.2 Semantics of the service primitive 9.4.3.2.3 When generated 9.4.3.2.4 Effect of receipt 9.4.4 SSME-VerifyCertificate 9.4.4.1 SSME-VerifyCertificate.request 9.4.4.1.1 Function 9.4.4.1.2 Semantics of the service primitive
221	9.4.4.1.3 When generated 9.4.4.1.4 Effect of receipt 9.4.4.2 SSME-VerifyCertificate.confirm 9.4.4.2.1 Function 9.4.4.2.2 Semantics of the service primitive
222	9.4.4.2.3 When generated 9.4.4.2.4 Effect of receipt
223	9.4.5 SSME-DeleteCertificate 9.4.5.1 SSME-DeleteCertificate.request 9.4.5.1.1 Function 9.4.5.1.2 Semantics of the service primitive 9.4.5.1.3 When generated 9.4.5.1.4 Effect of receipt 9.4.5.2 SSME-DeleteCertificate.confirm 9.4.5.2.1 Function 9.4.5.2.2 Semantics of the service primitive
224	9.4.5.2.3 When generated 9.4.5.2.4 Effect of receipt 9.4.6 SSME-AddHashIdBasedRevocation 9.4.6.1 SSME-AddHashIdBasedRevocation.request 9.4.6.1.1 Function 9.4.6.1.2 Semantics of the service primitive 9.4.6.1.3 When generated
225	9.4.6.1.4 Effect of receipt 9.4.6.2 SSME-AddHashIdBasedRevocation.confirm 9.4.6.2.1 Function 9.4.6.2.2 Semantics of the service primitive 9.4.6.2.3 When generated 9.4.6.2.4 Effect of receipt 9.4.7 SSME-AddIndividualLinkageBasedRevocation 9.4.7.1 SSME-AddIndividualLinkageBasedRevocation.request 9.4.7.1.1 Function
226	9.4.7.1.2 Semantics of the service primitive
227	9.4.7.1.3 When generated 9.4.7.1.4 Effect of receipt 9.4.7.2 SSME-AddIndividualLinkageBasedRevocation.confirm 9.4.7.2.1 Function 9.4.7.2.2 Semantics of the service primitive 9.4.7.2.3 When generated 9.4.7.2.4 Effect of receipt
228	9.4.8 SSME-AddGroupLinkageBasedRevocation 9.4.8.1 SSME-AddGroupLinkageBasedRevocation.request 9.4.8.1.1 Function 9.4.8.1.2 Semantics of the service primitive 9.4.8.1.3 When generated 9.4.8.1.4 Effect of receipt
229	9.4.8.2 SSME-AddGroupLinkageBasedRevocation.confirm 9.4.8.2.1 Function 9.4.8.2.2 Semantics of the service primitive 9.4.8.2.3 When generated 9.4.8.2.4 Effect of receipt 9.4.9 SSME-AddRevocationInfo 9.4.9.1 SSME-AddRevocationInfo.request 9.4.9.1.1 Function 9.4.9.1.2 Semantics of the service primitive
230	9.4.9.1.3 When generated 9.4.9.1.4 Effect of receipt 9.4.9.2 SSME-AddRevocationInfo.confirm 9.4.9.2.1 Function 9.4.9.2.2 Semantics of the service primitive 9.4.9.2.3 When generated 9.4.9.2.4 Effect of receipt
231	9.4.10 SSME-RevocationInformationStatus 9.4.10.1 SSME-RevocationInformationStatus.request 9.4.10.1.1 Function 9.4.10.1.2 Semantics of the service primitive 9.4.10.1.3 When generated 9.4.10.1.4 Effect of receipt 9.4.10.2 SSME-RevocationInformationStatus.confirm 9.4.10.2.1 Function 9.4.10.2.2 Semantics of the service primitive
232	9.4.10.2.3 When generated 9.4.10.2.4 Effect of receipt 9.4.11 SSME-P2PcdResponseGenerationService 9.4.11.1 SSME-P2pcdResponseGenerationService.request 9.4.11.1.1 Function 9.4.11.1.2 Semantics of the service primitive 9.4.11.1.3 When generated
233	9.4.11.1.4 Effect of receipt 9.4.11.2 SSME-P2pcdResponseGenerationService.confirm 9.4.11.2.1 Function 9.4.11.2.2 Semantics of the service primitive 9.4.11.2.3 When generated 9.4.11.2.4 Effect of receipt 9.4.12 SSME-P2pcdResponseGeneration 9.4.12.1 SSME-P2pcdResponseGeneration.indication 9.4.12.1.1 Function 9.4.12.1.2 Semantics of the service primitive
234	9.4.12.1.3 When generated 9.4.12.1.4 Effect of receipt 9.4.13 SSME-P2pcdConfiguration 9.4.13.1 SSME-P2pcdConfiguration.request 9.4.13.1.1 Function 9.4.13.1.2 Semantics of the service primitive
235	9.4.13.1.3 When generated 9.4.13.1.4 Effect of receipt 9.4.13.2 SSME-P2pcdConfiguration.confirm 9.4.13.2.1 Function 9.4.13.2.2 Semantics of the service primitive 9.4.13.2.3 When generated
236	9.4.13.2.4 Effect of receipt 9.4.14 SSME-P2pcdRequesterSupport 9.4.14.1 SSME-P2pcdRequesterSupport.request 9.4.14.1.1 Function 9.4.14.1.2 Semantics of the service primitive 9.4.14.1.3 When generated 9.4.14.1.4 Effect of receipt 9.4.14.1.5 Implementation and security considerations
237	9.4.14.2 SSME-P2pcdRequesterSupport.confirm 9.4.14.2.1 Function 9.4.14.2.2 Semantics of the service primitive 9.4.14.2.3 When generated 9.4.14.2.4 Effect of receipt 9.5 SSME-Sec SAP 9.5.1 SSME-Sec-ReplayDetection 9.5.1.1 SSME-Sec-ReplayDetection.request 9.5.1.2 Function
238	9.5.1.3 Semantics of the service primitive 9.5.1.4 When generated 9.5.1.5 Effect of receipt 9.5.1.6 SSME-Sec-ReplayDetection.confirm 9.5.1.7 Function
239	9.5.1.8 Semantics of the service primitive 9.5.1.9 When generated 9.5.1.10 Effect of receipt 9.5.2 SSME-Sec-IncomingP2pcdInfo 9.5.2.1 SSME-Sec-IncomingP2pcdInfo.request 9.5.2.2 Function 9.5.2.3 Semantics of the service primitive
240	9.5.2.4 When generated 9.5.2.5 Effect of receipt 9.5.2.6 SSME-Sec-IncomingP2pcdInfo.confirm 9.5.2.7 Function 9.5.2.8 Semantics of the service primitive 9.5.2.9 When generated
241	9.5.2.10 Effect of receipt 9.5.3 SSME-Sec-OutgoingP2pcdInfo 9.5.3.1 SSME-Sec-OutgoingP2pcdInfo.request 9.5.3.2 Function 9.5.3.3 Semantics of the service primitive 9.5.3.4 When generated 9.5.3.5 Effect of receipt 9.5.3.6 SSME-Sec-OutgoingP2pcdInfo.confirm 9.5.3.7 Function
242	9.5.3.8 Semantics of the service primitive 9.5.3.9 When generated 9.5.3.10 Effect of receipt
243	Annex A (normative) Protocol Implementation Conformance Statement (PICS) proforma A.1 Instructions for completing the PICS proforma A.1.1 General structure of the PICS proforma A.1.2 Additional information
244	A.1.3 Exception information A.1.4 Conditional status
245	A.2 PICS proforma—IEEE Std 1609.225F A.2.1 Identification
246	A.2.2 Protocol summary A.2.3 Conformance statement A.2.3.1 Security services
255	A.2.3.2 Certificate revocation list (CRL) verification entity
256	A.2.3.3 Peer-to-peer certificate distribution (P2PCD) functionality
258	Annex B (normative) ASN.1 modules B.1 General B.2 1609.2 security services B.2.1 1609.2 schema B.2.2 1609.2 base types
259	B.3 Certificate revocation list (CRL) B.3.1 Certificate revocation list: Base types B.3.2 CRL: Security envelope B.3.3 CRL: Service Specific Permissions (SSP) B.4 Peer-to-peer certificate distribution (P2PCD) B.5 ETSI TS 103097 extension module
260	Annex C (informative) Specifying the use of IEEE Std 1609.2 by SDEEs C.1 General C.2 IEEE 1609.2 security profiles C.2.1 Contents of security profile C.2.1.1 General
262	C.2.1.2 Overridability of entries in the security profile C.2.1.3 Structure of the security profile
263	C.2.1.4 IEEE 1609.2 security profile identification C.2.1.4.1 Sending
271	C.2.1.4.2 Receiving
279	C.2.1.4.3 Security management
281	C.3 IEEE 1609.2 security profile proforma29F C.3.1 Instructions for completing the IEEE 1609.2 security profile proforma
282	C.3.2 IEEE 1609.2 security profile proforma C.3.2.1 IEEE 1609.2 security profile identification C.3.2.2 Sending
283	C.3.2.3 Receiving C.3.2.4 Security management C.3.3 Historic IEEE 1609.2 security profile material C.3.3.1 General
284	C.3.3.2 IEEE 1609.2 security profile identification C.3.3.3 Sending
285	C.3.3.4 Receiving
286	C.3.3.5 Security management C.3.3.6 Other C.4 Service Specific Permissions (SSP) C.4.1 General
287	C.4.2 SSP syntax and semantics C.5 Assurance level C.6 Recommendations on certificates C.7 Source of encryption keys
289	Annex D (informative) Examples and use cases D.1 Guidance for SDEE specifiers and implementers
290	D.2 Processing CRLs
291	D.3 Constructing a certificate chain D.3.1 Examples
294	D.3.2 Construction
296	D.4 Peer-to-peer certificate distribution D.4.1 General D.4.2 State, timers, and configuration parameters within SSME D.4.2.1 State within SSME D.4.2.1.1 Request
297	D.4.2.1.2 Response D.4.2.2 Timers within SSME
298	D.4.2.3 Configuration parameters within SSME D.4.3 Activities within P2PCD D.4.3.1 General
299	D.4.3.2 Configure request SDEE support for trigger SDEEs D.4.3.3 Receive trigger SDEE SPDUs 1) If the SignerIdentifier in the signed SPDU indicates the selection certificate, and/or if the HeaderInfo in the SPDU contains a p2pcdLearningRequest field, the SDS invokes SSME-Sec-IncomingP2pcdInfo.request with the parameters:
300	i) The SSME adds the HashedId8 of Issuer to queuedMissingCertIndicators (SDEE ID). ii) The SSME might at this point use the configuration parameter p2pcdRequesterSupportSDEEs(SDEE ID) to identify one or more candidate request SDEEs in whose SPDUs it might include the request.
301	D.4.3.4 Send request SDEE SPDUs
302	D.4.3.5 Register for response generation service
303	D.4.3.6 Send P2PCD learning response
304	D.4.3.7 Receive P2PCD learning response D.4.3.8 p2pcdRequestActiveTimer or p2pcdResponseActiveTimer expire
305	D.5 Example data structures D.5.1 “Basic safety message” with dummy payload, signed with a digest D.5.1.1 Description D.5.1.2 COER encoding D.5.1.3 ASN.1 value notation
306	D.5.2 “Basic safety message” with dummy payload, signed by a certificate D.5.2.1 Description D.5.2.2 COER encoding D.5.2.3 ASN.1 value notation
307	D.5.3 PsidGroupPermissions examples
308	D.5.4 Root CA certificate profile
310	D.6 Cryptographic test vectors D.6.1 AES-CCM-128
313	D.6.2 ECIES
318	D.6.3 MAC
320	D.6.4 KDF2
321	D.7 Test vectors for Linkage Values lv(i,j)
327	Annex E (informative) Guidance on future HeaderInfo extensions E.1 General
328	E.2 Steps for the IEEE P1609 Working Group E.2.1 General E.2.2 Contributor ID E.2.3 New ASN.1 module
329	E.3 Steps for HeaderInfo extension contributor E.3.1 General E.3.2 Module name and OID
330	E.3.3 Extension definition
331	Annex F (informative) Deployment considerations
333	Annex G (informative) Extending this standard G.1 ToBeSignedCertificate extensions
335	Annex H (informative) Anticipated model of use for Operating Organization ID H.1 General
336	H.2 Obtaining certificates containing Operating Organization ID
338	H.3 Use of Operating Organization ID by receiver H.3.1 General
339	H.3.2 Policy enforcement points and policy decision points
340	H.4 Entitlement of CAs to issue certificates containing particular Operating Organization ID values
342	H.5 Operating Organization ID in the context of signal prioritization H.5.1 Overview of signal prioritization
343	H.5.2 Use of Operating Organization ID in signal prioritization
344	H.5.3 Policy Decision and Enforcement Points
345	H.6 Adding new organizations and the semantics and hierarchy of Operating Organization ID H.7 Consistency between Operating Organization ID and message payload
346	H.8 Conclusion
347	Annex I (informative) Bibliography
349	Back cover

Additional information

Standard Title	IEEE Standard for Wireless Access in Vehicular Environments–Security Services for Application and Management Messages (Approved Draft)
Published Code	IEEE
Publication Date	2022
Pages Count	349

Preview PDF


PDF Format	Searchable	Printable	Preview Now

IEEE 1609.2-2022

PDF Catalog

Related products