Upload
dophuc
View
235
Download
0
Embed Size (px)
Citation preview
1
REVIEW OF ITS WG5 PROGRAMME (SECURITY)Scott W CADZOW, Chairman of ETSI TC ITS WG5
2
REVIEW OF TERMS OF REFERENCEWhat we’ve agreed is in our scope
Responsibilities of WG5 from ToR
Conducting studies leading to deliverables on Security;
Assuring ITS solutions conform to regulatory requirements for privacy, data protection, lawful interception and data retention;
Management and co-ordination of the development of security specifications for ITS communication and data;
Investigation of security services and mechanisms required for providing ITS services over the Internet;
3
Investigation of security services and mechanisms required for providing ITS services over the Internet;
Development of security analyses of candidate protocols and network elements to be used within the ITS framework to implement capabilities e.g., EMTEL aspects, IPv6 migration, keying strategies and methods;
Tracking on-going worldwide security activities of interest to ITS (notably in ISO TC204)
WG5 activities identified from ToR
Ensure that a threat analysis for ITS is conducted and maintained as the feature set being standardised grows.
Determine and document the objectives and priorities for ITS security taking into account the needs and aspirations of users, operators, regulators and manufacturers• Accommodate, as far as is practicable, any regional regulatory
requirements in security objectives
4
requirements in security objectives
Detail the security requirements for ITS:
Define a security architecture for ITS which will satisfy the security requirements and align with the ITS system architecture.
Produce guidelines:• On the use of the ITS security elements
• On the limitations of ITS security
• On the implications of not activating the security elements that are provided.
5
PUBLISHED OR COMPLETEDThe ETSI output that we’ve completed and the schedule for publication
Transportation
Published documents
ETSI TR 102 893V1.1.1 (2010-03) Intelligent
Transport Systems (ITS); Security; Threat,
Vulnerability and Risk Analysis (TVRA)
ETSI TS 102 731V1.1.1 (2010-09) Intelligent
6
ETSI TS 102 731V1.1.1 (2010-09) Intelligent
Transport Systems (ITS); Security; Security
Services and Architecture
Completed pending final review …
TS 102 867, Stage 3 mapping for IEEE 1609.2
TS 102 940, Security architecture and ITS
Station Security Management
TS 102 941, Identity, Trust and Privacy
7
TS 102 941, Identity, Trust and Privacy
Management
TS 102 942, Access Control and Secure and
Privacy-preserving services
TS 102 943, Confidentiality services
TS 102 867 – Scope
The present document specifies the use of the mechanisms of IEEE 1609.2 [1] within the ITS communications architecture defined in EN 302 665 [3] to provide a stage 3 implementation for a subset of the security services defined in TS 102 731 [2].
The present document identifies:• Those areas where IEEE 1609.2 [1] provides a security service defined in TS 102 731 [2].
• Recommended parameterizations of IEEE 1609.2 [1] via its "security profile" mechanism for Cooperative Awareness Messages (CAM) [4] and Decentralized Environmental Notification Messages (DENM) [5].
8
Messages (DENM) [5].
• Those areas where IEEE 1609.2 [1] needs to be extended or modified in a minor way to provide security services defined in TS 102 731 [2] and suitable for CAM and DENM.
• Those areas where IEEE 1609.2 [1] does not provide a basis for a security service defined in TS 102 731 [2] and consumed by CAM and DENM.
In those cases where IEEE 1609.2 [1] does not fully provide a required service, the present document identifies the requirements for that service but does not specify that service in full. The present document should therefore be seen not as a full specification of security for CAM and DENM but as a subset of that specification.
TS 102 940 - Scope
The present document specifies a security architecture for Intelligent Transport System (ITS) communications. Based upon the security services defined in TS 102 731 [6] ,it identifies the functional entities required to support security in an ITS environment and the relationships that exist between the entities themselves and the elements of the ITS reference architecture defined in EN 302 665 [1].
9
exist between the entities themselves and the elements of the ITS reference architecture defined in EN 302 665 [1].
The present document also identifies the roles and locations of a range of security services for the protection of transmitted information and the management of essential security parameters. These include identifier and certificate management, PKI processes and interfaces as well as basic policies and guidelines for trust establishment.
TS 102 941 – Scope
The present document specifies the trust and privacy management for Intelligent Transport System (ITS) communications. Based upon the security services defined in TS 102 731 [1] and the security architecture define in TS 102 940 [5], it identifies the trust establishment and privacy management required to support security in an ITS environment and the relationships that exist between the entities themselves and the elements of the ITS
10
between the entities themselves and the elements of the ITS reference architecture defined in EN 302 665 [2].
The present document identifies and specifies security services for the establishment and maintenance of identities and cryptographic keys in an Intelligent Transport System (ITS). Its purpose is to provide the functions upon which systems of trust and privacy can be built within an ITS.
TS 102 942 – Scope
The present document specifies how to encode permissions of ITS applications as access control constraints models and demonstrates the application of the constraints model for CAM and DENM. ITS applications shall only have access to resources in the ITS-S that are necessary for their
11
DENM. ITS applications shall only have access to resources in the ITS-S that are necessary for their successful execution. The model defines the allowed permissions and any conditional constraints associated to ITS applications and internal resources of the ITS-S (such as facilities layer, transmission media interfaces, policies, databases, etc.).
TS 102 943 – Scope
The present document specifies services to
ensure that that the confidentiality of
information sent to and from an Intelligent
Transport System (ITS) station can be
12
Transport System (ITS) station can be
maintained at a level that is acceptable to the
users of the station.
13
PLANNING FOR THE FUTUREWhere we are aiming to develop more standards and guidance
Priority 1: Completion of ETSI WIs
Sx-SAP definitions
Update of TVRA
Beginning the ITS Security Test Programme
• Conformance tests for TS 102 867 and TS 102 941
14
• Conformance tests for TS 102 867 and TS 102 941
(TSS&TP, TTCN3)
• Interoperability test structure ?
Priority 2: New work areas
Extension of ETSI Work Programme to ATIS, APTS, etc.
• Addressing user interaction to ITS and covering parts of the EU ITS scope not addressed by V2V/V2I
Security guide
15
Security guide
• How to deploy ITS and the security functions within it
Deployment of ITS services (web-services and apps) to the ITS-S
ComSec integration of 5GHz to other radio links (e.g. LTE)
16
Safety aids survivability
Directive expects ITS to reduce or eliminate this
17
Directive look to ITS to aid environment
18
Encourage more use of these
19
Questions
20