T.Critical system component fails - Failure of one or more system components results in the loss of system critical functionality. Threat agent in this case is the CIMC hardware. Adverse action can be compromise of the security of the CIMC and/or relying party systems that rely on the PKI objects such as certificates, CRLs, or OCSP Responses.
T.Flawed code A system or applications developer delivers code that does not perform according to specifications or contains security flaws. Threat agent in this case is the PKI developer. Adverse action can be compromise of the security of the CIMC and/or relying party systems that rely on the PKI objects such as certificates, CRLs, or OCSP Responses.
T.Flawed code - A system or applications developer delivers code that does not perform according to specifications or contains security flaws. Threat agent in this case is the PKI developer. Adverse action can be compromise of the security of the CIMC and/or relying party systems that rely on the PKI objects such as certificates, CRLs, or OCSP Responses.
T.Malicious code exploitation - An authorized user, IT system, or hacker downloads and executes malicious code, which causes abnormal processes that violate the integrity, availability, or confidentiality of the system assets. Threat agent could be an authorized user, PKI itself, or an unauthorized user. Adverse action can be compromise of the security of the CIMC and/or relying
party systems that rely on the PKI objects such as certificates, CRLs, or OCSP Responses.
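Review bot: the three threat entries in this hunk (T.Critical system component fails, T.Flawed code, T.Malicious code exploitation) still describe the adverse action as "compromise of the security of the CIMC", while the section added further down describes the TOE as the C-ITS PKI providing the RCA, EA and AA services of ETSI TS 102 940/941; either define CIMC once as the certificate-issuing component of that PKI or replace it with the TOE name so the threat model and the asset list use one vocabulary. A second point in T.Critical system component fails: "Threat agent in this case is the CIMC hardware" names a failing component as an agent, whereas every other entry names a person or malicious code; "no threat agent (hardware failure)" would state what is meant. The T.Flawed code change itself (adding the missing hyphen after the threat name) is fine.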
@@ -423,7 +438,150 @@ T.Social engineering - A hacker uses social engineering techniques to gain infor
A Public Key Infrastructure (PKI) dedicated to Communicating Intelligent Transport Systems (C-ITS) is used to manage ITS related certificates to enable deployment of security functions over the different components of ITS systems, mainly signature and encryption of ITS messages. The PKI is responsible for the issuance, revocation, and overall management of certificates and certificate status information.
The PKI architecture and its functionalities considered here are the one standardized by the ETSI in ETSI TS 102 940 and ETSI TS 102 941.
The C-ITS PKI shall provide the different services required by the RCA, EC and AA roles defined by the European C-ITS trust model. In the figure we also identify the role of a Misbehaviour Authority (MA): entity responsible to receive misbehaviour reports coming from ITS-S identifying other misbehaving ITS and emits action requests to the other C-ITS PKI authorities to react to misbehaving behaviour of ITS-S. The current PP does not define requirement for the MA services since the MA communication and services are not yet fully define and standardized. However the PP should be updated when it is.
#### 4.5.3.1 SP3 - Assets
<tableborder="1">
<thead>
<tr>
<th>Name</th>
<th>Description</th>
<th>Security needs</th>
</tr>
</thead>
<tbody>
<tr>
<tdcolspan="4">Keys</td>
</tr>
<tr>
<td>Canonical Public Key</td>
<td>Public key generated by ITS-Station and used by the EA to verify EC request signature.</td>
<td>Integrity</td>
</tr>
<tr>
<td>Data encryption key</td>
<td>AES key used to encrypt requests and responses messages data.</td>
<td>Integrity, confidentiality</td>
</tr>
<tr>
<td>CA private keys</td>
<td>Private keys corresponding to the public keys contained in CA certificates issued by the PKI system. These keys are used for signature/encryption mechanisms.</td>
<td>Confidentiality, integrity</td>
</tr>
<tr>
<tdcolspan="4">Certificates</td>
</tr>
<tr>
<td>CA Certificates</td>
<td>This includes the root CA self-signed, EA, AA, and MA certificates generated by the root CA.</td>
<td>Availability</td>
</tr>
<tr>
<td>Enrolment Credential (EC)</td>
<td>EC is a certificate that contains a unique name, a public key, and other attributes.</td>
<td>Integrity</td>
</tr>
<tr>
<td>Authorization Ticket (AT)</td>
<td>AT is a pseudonym certificate that does not contain any identification information but public key(s) and other attributes.</td>
<td>Integrity</td>
</tr>
<tr>
<td>TLM certificate</td>
<td>Self-signed certificate managed by EU</td>
<td>Availability</td>
</tr>
<tr>
<tdcolspan="4">Station registration data</td>
</tr>
<tr>
<td>Canonical ID</td>
<td>This information is stored at initial registration of the ITS station under the responsibility of the manufacturer. The canonical ID shall contain a substring identifying the manufacturer or operator to make uniqueness of this identifier possible.</td>
<td>Integrity, confidentiality</td>
</tr>
<tr>
<td>ITS-S Profile</td>
<td>The profile information for the ITS-S that may contain an initial list of maximum appPermissions (ITS-AIDs with SSPs), region restrictions, etc., which may be modified over time.</td>
<td>Integrity</td>
</tr>
<tr>
<td>Tag</td>
<td>HMAC-SHA 256 of the keys to be certified.</td>
<td>Confidentiality, integrity</td>
</tr>
<tr>
<td>HMAC key</td>
<td>Key used to compute Tags sent with AT requests.</td>
<td>Confidentiality, integrity, availability</td>
</tr>
<tr>
<tdcolspan="4">CA Network addresses</td>
</tr>
<tr>
<td>CA Network addresses</td>
<td>URL used to communicate with the CA.</td>
<td>Integrity, availability</td>
</tr>
<tr>
<td>DC network address</td>
<td>URL used to communicate with the DC.</td>
<td>Integrity, availability</td>
</tr>
<tr>
<td>CPOC Network address</td>
<td>URL used to communicate with the DC.</td>
<td>Integrity, availability</td>
</tr>
<tr>
<tdcolspan="4">Policies</td>
</tr>
<tr>
<td>Certificate Policy configuration data</td>
<td>Configuration data defining the role and duties of the PKI entities, including definition of parameters for: issuance, publication, archiving, revocation, renewal. This includes the certificate profiles.</td>
<td>Integrity, availability</td>
</tr>
<tr>
<tdcolspan="4">Trust lists</td>
</tr>
<tr>
<td>CRL</td>
<td>This list contains all information about revoked entities and needs to be protected from any malicious change. We need to assure the integrity of this list as defined in (1).</td>
<td>Integrity, availability</td>
</tr>
<tr>
<td>CTL</td>
<td>This list contains all information about trusted entity certificates (CA), using the format and properties as defined in (1).</td>
<td>Integrity, availability</td>
</tr>
<tr>
<td>ECTL</td>
<td>This list contains all information about root CA certificates (certificates, URL to access the CPOC, ...) as defined by (1).</td>
<td>Integrity, availability</td>
</tr>
<tr>
<tdcolspan="4">PKI services</td>
</tr>
<tr>
<td>Software/Execution of the software</td>
<td>Correct execution of the TOE function to provide the correct services.</td>
<td>Integrity</td>
</tr>
<tr>
<tdcolspan="4">Misbehavior detection</td>
</tr>
<tr>
<td>Misbehaviour Report (MR)</td>
<td>Reports sent by the ITS-S to the MA to provide information regarding a possible misbehaving ITS-S (8).</td>
<td>Integrity, availability</td>
</tr>
</tbody>
</table>
#### 4.5.3.2 SP3 - Essential Functions
|Function | description | Associated user/role |
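Review bot: the "CPOC Network address" row (third row under "CA Network addresses") repeats the DC row's description, "URL used to communicate with the DC"; it should read "URL used to communicate with the CPOC", otherwise the asset list carries two rows for the DC URL and none for the CPOC, even though the ECTL row says the CPOC URL is one of the things the ECTL distributes. Two markup points in the same table: the group rows are written `<tdcolspan="4">` (and the table opens with `<tableborder="1">`) with no space before the attribute, so `colspan` and `border` are not parsed as attributes if this is how the source reads; and `colspan="4"` exceeds the three columns (Name, Description, Security needs) declared in the header, so `colspan="3"` is what the group rows need. The group row spelled "Misbehavior detection" sits above an asset spelled "Misbehaviour Report"; the rest of the section uses "misbehaviour". Listing an MA certificate under "CA Certificates generated by the root CA" also sits oddly beside the prose statement that this PP defines no requirements for MA services; a one-line note that the MA certificate is included as an asset pending standardisation of the MA would resolve it. Finally, in the prose above the table, "emits action requests" should be "issues action requests" and "not yet fully define and standardized" should be "not yet fully defined and standardized".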
@@ -446,8 +604,10 @@ The C-ITS PKI shall provide the different services required by the RCA, EC and A
| Creation, deletion, management of user accounts | Users account can be created or deleted and the different account privileges can be set up according to the role | Configuration and management administrator|
| Verification of the C-ITS PKI secure state | Verification of the current state of the C-ITS PKI to verify that it is in a secure state (e.g. Code integrity validation regarding its signature, verification of the keys integrity, verification of the certificates validity) |Configuration and management administrator, Officer|
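Review bot: "Users account can be created or deleted" should read "User accounts can be created or deleted", and in the "Verification of the C-ITS PKI secure state" row, "Code integrity validation regarding its signature" reads more clearly as "validation of code integrity against its signature". The second row also lists "Officer" as an associated role; since the earlier hunk only shows "Configuration and management administrator", it is worth checking that "Officer" is a role defined in the roles table elsewhere in the PP rather than a leftover from the source text these functions were adapted from.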