Cooperative ITS Credentials Management System --> ITS Object:
security credential revocations

Definitions

security credential revocations (Information Flow): Certificate Revocation List; lists the certificates whose trust has been revoked by the CCMS.

Cooperative ITS Credentials Management System (Source Physical Object): The 'Cooperative ITS Credentials Management System' (CCMS) is a high-level aggregate representation of the interconnected systems that enable trusted communications between mobile devices and other mobile devices, roadside devices, and centers and protect data they handle from unauthorized access. Representing the different interconnected systems that make up a Public Key Infrastructure (PKI), this physical object represents an end user view of the credentials management system with focus on the exchanges between the CCMS and user devices that support the secure distribution, use, and revocation of trust credentials.

ITS Object (Destination Physical Object): The general 'ITS Object' includes core capabilities common to any class of object.

Included In

This Triple is in the following Service Packages:

This triple is associated with the following Functional Objects:

This Triple is described by the following Functional View Data Flows:

This Triple has the following triple relationships:

Communication Solutions

Solutions are sorted in ascending Gap Severity order. The Gap Severity is the parenthetical number at the end of the solution.

Selected Solution

EU: Security Credentials - Secure Internet (ITS)

Solution Description

This solution is used within Australia and the E.U.. It combines standards associated with EU: Security Credentials with those for I-I: Secure Internet (ITS). The EU: Security Credentials standards include upper-layer standards required to provide and revoke security credentials. The I-I: Secure Internet (ITS) standards include lower-layer standards that support secure communications between ITS equipment using X.509 or IEEE 1609.2 security certificates.

ITS Application Entity

No Standard Needed
Click gap icons for more info.

Mgmt
Facilities

ETSI 102 941
ETSI 103 601
Security
Mind the gapMind the gap

ETSI 102 941
ETSI 103 601
Secure Session Alternatives
TransNet
Access

Internet Subnet Alternatives
TransNet TransNet

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Access Access

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

ITS Application ITS Application

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Mgmt Mgmt

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Facility Facility

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Security Security

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Note that some layers might have alternatives, in which case all of the gap icons associated with every alternative may be shown on the diagram, but the solution severity calculations (and resulting ordering of solutions) includes only the issues associated with the default (i.e., best, least severe) alternative.

Characteristics

Characteristic Value
Time Context Recent
Spatial Context National
Acknowledgement True
Cardinality Unicast
Initiator Destination
Authenticable True
Encrypt False


Interoperability Description
National This triple should be implemented consistently within the geopolitical region through which movement is essentially free (e.g., the United States, the European Union).

Security

Information Flow Security
  Confidentiality Integrity Availability
Rating Low High High
Basis Revocations should be available to all entities in the C-ITS environment. There may be a point where a third party may learn something they shouldn't by observing this flow, but such a use case has not been defined to date. Thus, LOW. Revocations must be correct, or one of two potentially disastrous scenarios could occur: an entity with important information becomes untrusted and receivers ignore messages with high potential impact, or an untrustworty transmitter maintains its ability to be listened to, and receivers erroneously react to messages from what should be an untrustworthy source. It is unlikely that revocations will be sent more than a few times per day. However, when provided the information needs to be delivered, or the receiving party may trust entities that have been revoked and should not trust.


Security Characteristics Value
Authenticable True
Encrypt False