YD/T 3594-2019: General technical requirements of Security for Vehicular Communication based on LTE
YD/T 3594-2019
YD
COMMUNICATION INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 33.060.99
M30
General technical requirements of security for
vehicular communication based on LTE
ISSUED ON: NOVEMBER 11, 2019
IMPLEMENTED ON: JANUARY 01, 2020
Issued by: Ministry of Industry and Information Technology of PRC
Table of Contents
Foreword
1 Scope
2 Normative references
3 Abbreviations
4 LTE-based vehicular communication architecture
4.1 Overview
4.2 PC5 and LTE-Uu based V2X communication architecture
4.3 MBMS and LTE-Uu based V2X communication architecture
4.4 LTE-based vehicular communication security architecture
5 Requirements for LTE-based vehicular communication security
5.1 General security requirements
5.2 Security requirements for network elements
6 Security process of V5 interface
6.1 Overview
6.2 Description of security basic elements
6.3 General requirements for security data structure
6.4 Public key certificate format
6.5 Message signing process
6.6 Message encryption process
6.7 Key negotiation
7 Security procedures of other interfaces
7.1 V2X communication security process between network elements
7.2 Security process of V3 interface
7.3 Security process of MB2 interface
Appendix A (Normative) Algorithm description
Appendix B (Informative) Device authorization management
Appendix C (Informative) Public key certificate management
Appendix D (Informative) Data message of V5 interface
Appendix E (Informative) Key negotiation calculation process
Appendix F (Informative) Certificate request and response
Appendix G (Informative) Recommendations on allocation of security-related AID value
1 Scope
This standard specifies the overall technical requirements, interface security
requirements, and security procedures for LTE-based vehicular communication
security.
This standard applies to LTE-based vehicular communication systems.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) is applicable to this standard.
GB/T 37376-2019 Transportation - Digital certificate format
GB/T 37374-2019 Intelligent transport - Digital certificate application
interface
3GPP TS 33.210 3G security; Network Domain Security (NDS); IP network
layer security
3GPP TS 33.223 Generic Authentication Architecture (GAA); Generic
Bootstrapping Architecture (GBA) Push function
3GPP TS 33.246 3G Security; Security of Multimedia Broadcast/Multicast
Service (MBMS)
IEEE Std 1363 IEEE Standard Specifications for Public-Key Cryptography
IEEE Std 1363a IEEE Standard Specifications for Public-Key Cryptography
- Amendment 1: Additional Techniques
IEEE Std 1609.2-2016 IEEE Standard for Wireless Access in Vehicular
Environments (WAVE) - Security Services for Applications and Management
Messages
IETF RFC 5639 Elliptic Curve Cryptography (ECC) Brainpool Standard
for the operator to authorize the V2X device to perform V2X communication.
- The 3GPP network shall provide a method, for operators to authorize V2X
devices to perform V2X communications, when they have not obtained E-
UTRAN services that support V2X communications.
- The 3GPP network shall provide a method, to authorize V2X devices to use
vehicle-to-network communication services.
- The 3GPP network shall protect the integrity of V2X device transmission.
- According to the requirements of regulatory agencies, 3GPP networks shall
protect the anonymity and privacy of V2X devices; ensure that V2X devices
shall not be tracked or identified by other terminals, within a certain period
of time, which is required by V2X applications.
- According to the requirements of the regulatory agency, the 3GPP network
shall protect the anonymity and privacy of V2V/V2I communication
terminals; ensure that V2X devices shall not be tracked in this area by a
party without the authorization by regulatory agency or user.
- The system shall support the use of domestic commercial cryptographic
algorithms.
- The system shall support secure transmission channels, such as https.
- The system shall support the secure storage of sensitive information.
5.2 Security requirements for network elements
5.2.1 V2X device
For PC5 communication, V2X devices shall support certificate-based
application layer security mechanisms. See V5 interface security for details.
For Uu communication, V2X devices shall support LTE communication
security mechanisms, including EPS-AKA-based mutual authentication, air
interface encryption, and integrity protection of signaling messages. Of these,
whether air interface encryption is enabled shall be determined through
negotiation between the V2X device and the LTE network. For MBMS-based Uu
communication, V2X devices may not support air interface encryption. V2X
devices shall also support certificate-based application layer security
mechanisms.
To protect user privacy, V2X user-side devices (such as vehicles) can be
anonymized, at the application layer. For details, see V5 interface security.
When the application layer instructs the application layer ID to change, the V2X
device shall randomly change its layer 2 ID.
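The identifier-change rule above, sketched as an added example that is not taken from the standard: the device re-randomizes its layer 2 ID whenever the application layer ID changes, and a checker flags frames where only one of the two changed. The class and function names, the 24-bit layer 2 ID width, and the single-sender frame list are assumptions; the frames are constructed.

```python
import secrets

L2_ID_BITS = 24  # assumption: width of the PC5 source layer 2 ID, not stated on the page


class V2XIdentity:
    """Identifiers one PC5 sender exposes (hypothetical model)."""

    def __init__(self):
        self.app_id = secrets.token_hex(8)
        self.l2_id = secrets.randbits(L2_ID_BITS)

    def on_app_id_change(self, new_app_id):
        """Application layer signals an ID change: draw a fresh random L2 ID too."""
        old = self.l2_id
        while self.l2_id == old:  # never keep the previous value by chance
            self.l2_id = secrets.randbits(L2_ID_BITS)
        self.app_id = new_app_id


def linkable_transitions(frames):
    """Indexes where exactly one of (app_id, l2_id) changed between frames.

    The identifier that stayed the same lets an observer tie the new
    identifier to the old one, which defeats the anonymization.
    Assumes all frames come from one sender, in order.
    """
    hits = []
    for i in range(1, len(frames)):
        app_changed = frames[i][0] != frames[i - 1][0]
        l2_changed = frames[i][1] != frames[i - 1][1]
        if app_changed != l2_changed:
            hits.append(i)
    return hits


def simulate(rotate_l2):
    """Constructed capture: six frames, application ID changes before frame 3."""
    dev = V2XIdentity()
    frames = []
    for n in range(6):
        if n == 3:
            if rotate_l2:
                dev.on_app_id_change(secrets.token_hex(8))
            else:
                dev.app_id = secrets.token_hex(8)  # L2 ID left unchanged
        frames.append((dev.app_id, dev.l2_id))
    return frames
```
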
V2X devices shall support the protection of sensitive information (such as keys,
certificates, etc.), using secure operating environments, security units, or
secure processors.
5.2.2 V2X control function
The V2X control function shall support the security mechanism, which is defined
in Chapter 7.2, to protect the security of the V3 interface.
The V2X control function shall support the security mechanism, which is defined
in Chapter 7.1, to protect the security of the interface with other network
elements.
5.2.3 V1 interface security requirements
The security of the V1 interface is outside the scope of this standard.
5.2.4 V2 interface security requirements
The security of the V2 interface is outside the scope of this standard.
5.2.5 V3 interface security requirements
- V2X device and its HPLMN's V2X control function shall support mutual
authentication.
- The configuration data transmission, between the V2X control function and
the V2X device, shall support integrity protection.
- The configuration data transmission, between the V2X control function and
the V2X device, shall support confidentiality protection.
- The configuration data transmission, between the V2X control function and
the V2X device, shall support protection against replay attacks.
- The identity of the V2X device on the V3 interface shall support
confidentiality protection.
5.2.6 V4 interface security requirements
- The V2X network entity shall be able to authenticate the sender of the
received data communication, that is, the V2X control function and the HSS
shall be able to authenticate each other.
- Data transmission, between V2X network entities (that is, between V2X
control functions and HSS), shall be subject to integrity protection.
- Data transmission, betwe...