Security aspects for Intelligent Transport System
(New Question 13/17)
Intelligent Transport System (ITS) provides various types of applications in order to increase road safety, decrease the environmental footprint of transport, enhance traffic management and maximize the transport sector’s benefits to public and commercial users.
ITS includes various types of communications in vehicles (e.g., vehicle-to-nomadic device), between vehicles (e.g., vehicle-to-vehicle (V2V)), and between vehicles and fixed locations (e.g., vehicle-to-infrastructure (V2I)), i.e., vehicle-to-everything (V2X) communications. Information and communication technologies (ICT) are used to implement ITS including road transport, rail, water and air transport, including navigation systems.
In the ITS environment, vulnerabilities of a vehicle can be propagated to other vehicles since the vehicles are connected to each other. Thus, vulnerabilities of V2X communication systems in a vehicle should be managed and handled in order not to influence a lot of other vehicles.
Electric devices inside a vehicle such as electronic control units (ECUs) and electric toll collection (ETC) devices are becoming more sophisticated. As a result, software modules inside those entities need to be appropriately updated for the purpose of bug fixing, and for performance and security improvements.
There are two Recommendations discussed in SG 17 so far. Recommendation ITU-T X.1373 approved in March 2017 provides the secure software update capability for ITS communication devices. Draft Recommendation ITU-T X.itssec-2 is under development to provide security guidelines for V2X communication systems.
Standardization of the best comprehensive security solutions is vital for ITS that operate in a telecommunication environment. Due to some specific characteristics of the mobile telecommunications, providing security becomes especially challenging tasks that deserve study.
Recommendations and Supplements under responsibility of this Question as of 30 March 2017:
Approved Recommendation: X.1373;
Texts under development: X.itssec-2.Question
Study items to be considered include, but are not limited to:
- How should security aspects (e.g., security architecture and subsystems) be identified and defined in an ITS environment?
- How should threats and vulnerabilities in ITS services and networks be identified and handled?
- What are the security requirements (e.g., those for identification and authentication) for mitigating the threats in an ITS environment?
- What are security technologies to support ITS services and networks?
- How should secure interconnectivity between entities in an ITS environment be kept and maintained?
- What security techniques, mechanisms and protocols are needed for ITS services and networks?
- What are globally agreeable security solutions for ITS services and networks, which are based on telecommunication/ICT networks?
- What are best practices or guidelines for ITS security?
- What PII (Personally Identifiable Information) protection and management mechanisms are needed for ITS services?
Tasks include, but are not limited to:
- Produce a set of Recommendations providing comprehensive security solutions for ITS.
- Study further to define security aspects of ITS services and networks, which are based on telecommunication/ICT networks.
- Study and identify security issues and threats in ITS.
- Study and identify requirements and use cases for specific ITS services and applications.
- Study and develop security mechanisms, protocols and technologies for ITS.
- Study and develop security profiling, hierarchical scheme for authentication and mechanism for specific ITS services and applications.
- Study and develop applications of efficient encryption and decryption algorithms for fast moving network nodes and dynamically changing network topologies.
- Study and develop secure interconnectivity mechanisms for ITS in a telecommunication environment.
- Study and identify PII protection issues and threats in ITS.
- Study and develop PII protection and management mechanisms for ITS.
- Study and develop an existing draft Recommendation X.itssec-2.
- Collaborate with the related SDOs to jointly develop Recommendations.
- X-series and others related to security
- ITU-T Qs 1/17, 2/17, 3/17, 4/17, 5/17, 6/17, 7/17, 8/17, 9/17, 10/17 and 11/17.
- ITU-T SGs 11, 13, 16 and 20;
- ITU-R WP5A;
- Collaboration on ITS Communication Standards (CITS).
- ISO TCs 22 and 204;
- ISO/IEC JTC 1/SCs 6, and 27;
- IETF WG ITS;
- IEEE 802.11 WG and 1609 WG;
- SAE International (e.g., Vehicle Cybersecurity Systems Engineering Committee, Connected Vehicles Steering Committee, and DSRC Technical Standard Committee);
- ETSI TC ITS;
- W3C Automotive WG.
- ATIS; CCSA; TIA; TTA; TTC;
- UNECE (UN Economic Commission for Europe) Working Party 29 and subsidiary bodies (e.g., Taskforce on cyber security (TFCS));
- AGL (Automotive Grade Linux).