SU08: Security and Credentials Management

Need Area Description

This service package is used to ensure trusted communications between mobile devices and other mobile devices or roadside devices and protect data they handle from unauthorized access. The service package grants trust credentials to qualified mobile devices and infrastructure devices in the Connected Vehicle Environment so that those devices may be considered trusted by other devices that receive trust credentials from the SCM service package. The service package allows credentials to be requested and revoked and secures the exchange of trust credentials between parties, so that no other party can intercept and use those credentials illegitimately. The service package provides security to the transmissions between connected devices, ensuring authenticity and integrity of the transmissions. Additional security features include privacy protection, authorization and privilege class definition, as well as non–repudiation of origin.

Need Area Type

Support

Service Package

SU08: Security and Credentials Management

Includes Needs

NumberNeed
01The CCMS Operator needs to grant trust credentials to qualified end entities including mobile devices so that those devices may be considered trusted by other devices that receive trust credentials from the CCMS.
02The CCMS Operator needs to be able to revoke the credentials it distributes, so that a misbehaving or malfunctioning device can be recognized as such.
03The CCMS Operator needs to secure the exchange of trust credentials between itself and its intended user, so that no other party can intercept and use those credentials illegitimately.
04The CCMS Operator needs its systems to be constructed in such a way that the cooperation of at least two parties within the CCMS' structure are required to link the identity of a user with a set of trust credentials, to protect user privacy.
05The CCMS Operator needs its systems to be constructed in such a way that the cooperation of at least two parties within the CCMS' structure are required to associate multiple credentials that were distributed to a user, to protect user privacy.
06The CCMS Operator needs to accept misbehavior reports from users, so that malfunctioning and misbehaving users may be identified and their privileges within the CVE revoked if necessary.
07ITS Object operators need to be able to authenticate messages received so that they can determine if the originator is a trusted source.
08ITS Object operators need to be able to determine the privileges a message sender is entitled to so that they can determine if the originator's suggested action should be considered for action.
09ITS Object operators need to be able to communicate with other users in such a way as to make it difficult to associate messages with one another, to help maintain user privacy.
10ITS Object operators need to be able to exchange messages in a secure fashion, so that no other party can easily understand the contents of the message.