IEEE 1609.2-2013

$144.63

IEEE Standard for Wireless Access in Vehicular Environments — Security Services for Applications and Management Messages

Published By: IEEE
Publication Date: 2013

Revision Standard – Superseded. Secure message formats and processing for use by Wireless Access in Vehicular Environments (WAVE) devices, including methods to secure WAVE management messages and methods to secure application messages are defined in this standard. It also describes administrative functions necessary to support the core security functions.

PDF Catalog

PDF Pages PDF Title
1 IEEE Std 1609™.2-2013 front cover
3 Title page
6 Notice to users
Laws and regulations
Copyrights
Updating of IEEE documents
Errata
Patents
8 Participants
10 Introduction
11 Contents
13 1. Overview
1.1 Scope
1.2 Purpose
14 1.3 Document organization
1.4 Document conventions
1.5 Note to implementers
2. Normative references
15 3. Definitions, abbreviations, and acronyms
3.1 Definitions
20 3.2 Abbreviations and acronyms
22 4. General description
4.1 WAVE protocol stack overview
24 4.2 Generic security services
4.3 Security processing services
4.3.1 General
25 4.3.2 Secure data exchange
26 4.3.3 Signed WSAs
4.3.4 Processing for security management
4.4 Cryptomaterial
4.4.1 General
27 4.4.2 Private key storage and cryptomaterial handles
28 4.5 Security management services
4.5.1 Certificate Management Entity
29 4.5.2 Provider Service Security Management Entity
30 5. Security services
5.1 General
5.2 Preconditions for secure processing
5.2.1 Secure data exchange
31 5.2.2 Secure WSAs
5.2.2.1 Local service index for security
32 5.2.2.2 Registering secure provider service permissions with PSSME
5.2.3 Cryptomaterial
5.2.3.1 General
33 5.2.3.2 Initialization
5.2.3.3 Transition to Key Pair Only state
34 5.2.3.4 Transition to Key and Certificate state
35 5.3 Secure data exchange
5.3.1 General
36 5.3.2 Sign data
37 5.3.3 Encrypt data
5.3.4 Sign and encrypt data
38 5.3.5 Decrypt data
5.3.6 Verify signed data
39 5.4 Signed WSAs
5.4.1 Sign WSA
40 5.4.2 Verify signed WSA
41 5.5 Validity of signed communications
5.5.1 General
43 5.5.2 Certificate chains
5.5.2.1 General
44 5.5.2.2 Cryptographic verification of certificate chains
46 5.5.3 Permissions and consistency of permissions
5.5.3.1 General
5.5.3.2 Consistency between signed communications and signing certificates
5.5.3.2.1 General
47 5.5.3.2.2 Signed data
48 5.5.3.2.3 Consistency between signed data and transport layers
5.5.3.2.4 Consistency within signed data
5.5.3.2.5 Signed WSA
50 5.5.3.3 Consistency between subordinate certificates and issuing certificates
51 5.5.3.4 Permission encoding: inherited permissions
52 5.5.4 Certificate validity
5.5.4.1 Certificate lifetime
5.5.4.2 Certificate revocation
5.5.4.3 Revoked certificates
53 5.5.4.4 Dubious certificates
54 5.5.5 Relevance and replay tests
55 5.5.6 Local estimates of time and location
5.6 Processing for security management
5.6.1 Certificate request
5.6.1.1 Processing
57 5.6.1.2 Validity of certificate requests
58 5.6.2 Certificate response
5.6.2.1 Processing
59 5.6.2.2 Validity of certificate responses
60 5.6.3 Certificate response acknowledgement
5.6.4 Certificate revocation information
5.6.4.1 Processing flow
5.6.4.2 Validity of CRLs
63 5.6.4.3 Transport
5.7 Certificate Management Entity
5.7.1 General
5.7.2 Certificate revocation information
64 5.7.3 Trust anchor
65 5.7.4 Other certificates
5.8 Cryptographic operations
5.8.1 Signature algorithms
5.8.2 Public key encryption algorithms: ECIES
66 5.8.3 Key pair generation
5.8.4 Key pair validity
5.8.5 Symmetric algorithms: AES-CCM
67 5.8.6 Implicit certificates
5.8.7 Hash algorithms: SHA-256
6. Data structures for secure communication
6.1 Presentation language
6.1.1 General
68 6.1.2 Notation conventions
6.1.3 Basic block size
6.1.4 Numbers
6.1.5 Fixed-length vectors
69 6.1.6 Variable-length vectors
6.1.6.1 Variable-length vectors with fixed-length length encoding
70 6.1.6.2 Variable-length vectors with variable-length length encoding
71 6.1.7 The opaque and opaqueExtLength type
72 6.1.8 Enumerated type
6.1.9 The psid type
73 6.1.10 Constructed types
6.1.11 The select statement
74 6.1.12 The extern statement
75 6.1.13 Flags
6.1.13.1 Use of flags field
76 6.1.13.2 Encoding of flags field
77 6.2 Structures for secure communications
6.2.1 General
78 6.2.2 1609Dot2Data
6.2.3 ContentType
79 6.2.4 SignedData
80 6.2.5 SignerIdentifier
6.2.6 SignerIdentifierType
81 6.2.7 HashedId8
6.2.8 ToBeSignedData
82 6.2.9 Psid
6.2.10 TbsDataFlags
6.2.11 Time64WithStandardDeviation
83 6.2.12 Time64
6.2.13 ThreeDLocation
84 6.2.14 TbsDataExtension
6.2.15 TbsDataExtensionType
6.2.16 Signature
6.2.17 PKAlgorithm
85 6.2.18 EcdsaSignature
6.2.19 EllipticCurvePoint
86 6.2.20 EccPublicKeyType
6.2.21 SignedWsa
6.2.22 ToBeSignedWsa
87 6.2.23 EncryptedData
88 6.2.24 SymmAlgorithm
6.2.25 RecipientInfo
89 6.2.26 EciesNistP256EncryptedKey
6.2.27 AesCcmCiphertext
6.2.28 ToBeEncrypted
90 6.3 Certificates and other security management data structures
6.3.1 General
91 6.3.2 Certificate
92 6.3.3 ToBeSignedCertificate
93 6.3.4 HolderType
94 6.3.5 CertificateContentFlags
6.3.6 CertificateDuration
95 6.3.7 CertSpecificData
6.3.8 RootCaScope
96 6.3.9 HolderTypeFlags
6.3.10 PsidArray
97 6.3.11 ArrayType
6.3.12 PsidPriorityArray
98 6.3.13 PsidPriority
6.3.14 GeographicRegion
99 6.3.15 RegionType
6.3.16 CircularRegion
6.3.17 RectangularRegion
6.3.18 PolygonalRegion
100 6.3.19 TwoDLocation
6.3.20 SecDataExchCaScope
101 6.3.21 WsaCaScope
6.3.22 CrlSeries
102 6.3.23 IdentifiedNotLocalizedScope
6.3.24 PsidSspArray
6.3.25 PsidSsp
103 6.3.26 IdentifiedScope
6.3.27 AnonymousScope
104 6.3.28 WsaScope
6.3.29 PsidPrioritySspArray
105 6.3.30 PsidPrioritySsp
6.3.31 Time32
6.3.32 PublicKey
106 6.3.33 PublicKeyReconstructionHashInput
6.3.34 CertificateRequest
6.3.35 ToBeSignedCertificateRequest
108 6.3.36 ToBeEncryptedCertificateResponse
109 6.3.37 ToBeEncryptedCertificateRequestError
6.3.38 CertificateRequestErrorCode
111 6.3.39 ToBeEncryptedCertificateResponseAcknowledgment
6.3.40 Crl
112 6.3.41 ToBeSignedCrl
113 6.3.42 CrlType
6.3.43 IdAndDate
6.3.44 CertId10
6.3.45 CrlRequest
114 7. Service primitives and functions
7.1 General comments and conventions
116 Sec-Function-CheckCertificateChainConsistency
Sec-Function-VerifyChainAndSignature
Sec-Function-DecryptData
Sec-Function-CertificateRequestErrrorVerification
Sec-Function-CertificateResponseVerification
117 7.2 Sec SAP
7.2.1 Sec-LocalServiceIndexForSecurity.request
7.2.1.1 Function
7.2.1.2 Semantics of the service primitive
7.2.1.3 When generated
7.2.1.4 Effect of receipt
7.2.2 Sec-LocalServiceIndexForSecurity.confirm
7.2.2.1 Function
7.2.2.2 Semantics of the service primitive
118 7.2.2.3 When generated
7.2.2.4 Effect of receipt
7.2.3 Sec-CryptomaterialHandle.request
7.2.3.1 Function
7.2.3.2 Semantics of the service primitive
7.2.3.3 When generated
7.2.3.4 Effect of receipt
7.2.4 Sec-CryptomaterialHandle.confirm
7.2.4.1 Function
119 7.2.4.2 Semantics of the service primitive
7.2.4.3 When generated
7.2.4.4 Effect of receipt
7.2.5 Sec-CryptomaterialHandle-GenerateKeyPair.request
7.2.5.1 Function
7.2.5.2 Semantics of the service primitive
120 7.2.5.3 When generated
7.2.5.4 Effect of receipt
7.2.6 Sec-CryptomaterialHandle-GenerateKeyPair.confirm
7.2.6.1 Function
7.2.6.2 Semantics of the service primitive
7.2.6.3 When generated
7.2.6.4 Effect of receipt
121 7.2.7 Sec-CryptomaterialHandle-StoreKeyPair.request
7.2.7.1 Function
7.2.7.2 Semantics of the service primitive
7.2.7.3 When generated
7.2.7.4 Effect of receipt
122 7.2.8 Sec-CryptomaterialHandle-StoreKeyPair.confirm
7.2.8.1 Function
7.2.8.2 Semantics of the service primitive
7.2.8.3 When generated
7.2.8.4 Effect of receipt
7.2.9 Sec-CryptomaterialHandle-StoreCertificate.request
7.2.9.1 Function
7.2.9.2 Semantics of the service primitive
123 7.2.9.3 When generated
7.2.9.4 Effect of receipt
7.2.10 Sec-CryptomaterialHandle-StoreCertificate.confirm
7.2.10.1 Function
7.2.10.2 Semantics of the service primitive
124 7.2.10.3 When generated
7.2.10.4 Effect of receipt
7.2.11 Sec-CryptomaterialHandle-StoreCertificateAndKey.request
7.2.11.1 Function
7.2.11.2 Semantics of the service primitive
7.2.11.3 When generated
7.2.11.4 Effect of receipt
125 7.2.12 Sec-CryptomaterialHandle-StoreCertificateAndKey.confirm
7.2.12.1 Function
7.2.12.2 Semantics of the service primitive
7.2.12.3 When generated
7.2.12.4 Effect of receipt
7.2.13 Sec-SignedData.request
7.2.13.1 Function
126 7.2.13.2 Semantics of the service primitive
127 7.2.13.3 When generated
7.2.13.4 Effect of receipt
129 7.2.14 Sec-SignedData.confirm
7.2.14.1 Function
130 7.2.14.2 Semantics of the service primitive
7.2.14.3 When generated
131 7.2.14.4 Effect of receipt
7.2.15 Sec-EncryptedData.request
7.2.15.1 Function
7.2.15.2 Semantics of the service primitive
7.2.15.3 When generated
7.2.15.4 Effect of receipt
133 7.2.16 Sec-EncryptedData.confirm
7.2.16.1 Function
7.2.16.2 Semantics of the service primitive
134 7.2.16.3 When generated
7.2.16.4 Effect of receipt
7.2.17 Sec-SecureDataContentExtraction.request
7.2.17.1 Function
7.2.17.2 Semantics of the service primitive
135 7.2.17.3 When generated
7.2.17.4 Effect of receipt
137 7.2.18 Sec-SecureDataContentExtraction.confirm
7.2.18.1 Function
7.2.18.2 Semantics of the service primitive
140 7.2.18.3 When generated
7.2.18.4 Effect of receipt
7.2.19 Sec-SignedDataVerification.request
7.2.19.1 Function
7.2.19.2 Semantics of the service primitive
143 7.2.19.3 When generated
7.2.19.4 Effect of receipt
7.2.19.4.1 Overview
145 7.2.19.4.2 Setting generation time, generation time standard deviation, generation location, expiry time
147 7.2.20 Sec-SignedDataVerification.confirm
7.2.20.1 Function
7.2.20.2 Semantics of the service primitive
148 7.2.20.3 When generated
7.2.20.4 Effect of receipt
7.2.21 Sec-CRLVerification.request
7.2.21.1 Function
7.2.21.2 Semantics of the service primitive
149 7.2.21.3 When generated
7.2.21.4 Effect of receipt
151 7.2.22 Sec-CRLVerification.confirm
7.2.22.1 Function
7.2.22.2 Semantics of the service primitive
152 7.2.22.3 When generated
7.2.22.4 Effect of receipt
7.2.23 Sec-CertificateRequest.request
7.2.23.1 Function
7.2.23.2 Semantics of the service primitive
155 7.2.23.3 When generated
7.2.23.4 Effect of receipt
157 7.2.24 Sec-CertificateRequest.confirm
7.2.24.1 Function
7.2.24.2 Semantics of the service primitive
158 7.2.24.3 When generated
7.2.24.4 Effect of receipt
7.2.25 Sec-CertificateResponseProcessing.request
7.2.25.1 Function
7.2.25.2 Semantics of the service primitive
159 7.2.25.3 When generated
7.2.25.4 Effect of receipt
160 7.2.26 Sec-CertificateResponseProcessing.confirm
7.2.26.1 Function
7.2.26.2 Semantics of the service primitive
161 7.2.26.3 When generated
7.2.26.4 Effect of receipt
162 7.3 WME-Sec SAP
7.3.1 General
7.3.2 WME-Sec-SignedWsa.request
7.3.2.1 Function
7.3.2.2 Semantics of the service primitive
163 7.3.2.3 When generated
7.3.2.4 Effect of receipt
165 7.3.3 WME-Sec-SignedWsa.confirm
7.3.3.1 Function
7.3.3.2 Semantics of the service primitive
7.3.3.3 When generated
7.3.3.4 Effect of receipt
7.3.4 WME-Sec-SignedWsaVerification.request
7.3.4.1 Function
166 7.3.4.2 Semantics of the service primitive
7.3.4.3 When generated
7.3.4.4 Effect of receipt
169 7.3.5 WME-Sec-SignedWsaVerification.confirm
7.3.5.1 Function
7.3.5.2 Semantics of the service primitive
170 7.3.5.3 When generated
7.3.5.4 Effect of receipt
171 7.4 PSSME SAP
7.4.1 PSSME-LocalServiceIndexForSecurity.request
7.4.1.1 Function
7.4.1.2 Semantics of the service primitive
7.4.1.3 When generated
7.4.1.4 Effect of receipt
7.4.2 PSSME-LocalServiceIndexForSecurity.confirm
7.4.2.1 Function
7.4.2.2 Semantics of the service primitive
172 7.4.2.3 When generated
7.4.2.4 Effect of receipt
7.4.3 PSSME-SecuredProviderService.request
7.4.3.1 Function
7.4.3.2 Semantics of the service primitive
173 7.4.3.3 When generated
7.4.3.4 Effect of receipt
7.4.4 PSSME-SecuredProviderService.confirm
7.4.4.1 Function
7.4.4.2 Semantics of the service primitive
7.4.4.3 When generated
7.4.4.4 Effect of receipt
7.4.5 PSSME-SecureProviderServiceInfo.request
7.4.5.1 Function
174 7.4.5.2 Semantics of the service primitive
7.4.5.3 When generated
7.4.5.4 Effect of receipt
7.4.6 PSSME-SecureProviderServiceInfo.confirm
7.4.6.1 Function
7.4.6.2 Semantics of the service primitive
175 7.4.6.3 When generated
7.4.6.4 Effect of receipt
7.4.7 PSSME-CryptomaterialHandleStorage.request
7.4.7.1 Function
7.4.7.2 Semantics of the service primitive
176 7.4.7.3 When generated
7.4.7.4 Effect of receipt
7.4.8 PSSME-CryptomaterialHandleStorage.confirm
7.4.8.1 Function
7.4.8.2 Semantics of the service primitive
7.4.8.3 When generated
177 7.4.8.4 Effect of receipt
7.4.9 PSSME-OutOfOrderDetection.request
7.4.9.1 Function
7.4.9.2 Semantics of the service primitive
7.4.9.3 When generated
7.4.9.4 Effect of receipt
178 7.4.10 PSSME-OutOfOrderDetection.confirm
7.4.10.1 Function
7.4.10.2 Semantics of the service primitive
7.4.10.3 When generated
7.4.10.4 Effect of receipt
7.5 CME SAP
7.5.1 CME-CertificateInfo.request
7.5.1.1 Function
7.5.1.2 Semantics of the service primitive
179 7.5.1.3 When generated
7.5.1.4 Effect of receipt
181 7.5.2 CME-CertificateInfo.confirm
7.5.2.1 Function
7.5.2.2 Semantics of the service primitive
182 7.5.2.3 When generated
7.5.2.4 Effect of receipt
183 7.5.3 CME-AddTrustAnchor.request
7.5.3.1 Function
7.5.3.2 Semantics of the service primitive
7.5.3.3 When generated
7.5.3.4 Effect of receipt
7.5.4 CME-AddTrustAnchor.confirm
7.5.4.1 Function
184 7.5.4.2 Semantics of the service primitive
7.5.4.3 When generated
7.5.4.4 Effect of receipt
7.5.5 CME-AddCertificate.request
7.5.5.1 Function
7.5.5.2 Semantics of the service primitive
185 7.5.5.3 When generated
7.5.5.4 Effect of receipt
7.5.5.5 Effect of receipt
7.5.6 CME-AddCertificate.confirm
7.5.6.1 Function
7.5.6.2 Semantics of the service primitive
7.5.6.3 When generated
7.5.6.4 Effect of receipt
186 7.5.7 CME-AddCertificateRevocation.request
7.5.7.1 Function
7.5.7.2 Semantics of the service primitive
7.5.7.3 When generated
7.5.7.4 Effect of receipt
187 7.5.8 CME-AddCertificateRevocation.confirm
7.5.8.1 Function
7.5.8.2 Semantics of the service primitive
7.5.8.3 When generated
7.5.8.4 Effect of receipt
7.5.9 CME-AddCrlInfo.request
7.5.9.1 Function
7.5.9.2 Semantics of the service primitive
188 7.5.9.3 When generated
7.5.9.4 Effect of receipt
7.5.10 CME-AddCrlInfo.confirm
7.5.10.1 Function
7.5.10.2 Semantics of the service primitive
7.5.10.3 When generated
7.5.10.4 Effect of receipt
189 7.5.11 CME-CrlInfo.request
7.5.11.1 Function
7.5.11.2 Semantics of the service primitive
7.5.11.3 When generated
7.5.11.4 Effect of receipt
190 7.5.12 CME-CrlInfo.confirm
7.5.12.1 Function
7.5.12.2 Semantics of the service primitive
191 7.5.12.3 When generated
7.5.12.4 Effect of receipt
7.6 PSSME-Sec SAP
7.6.1 PSSME-Sec-CryptomaterialHandle.request
7.6.1.1 Function
7.6.1.2 Semantics of the service primitive
192 7.6.1.3 When generated
7.6.1.4 Effect of receipt
193 7.6.2 PSSME-Sec-CryptomaterialHandle.confirm
7.6.2.1 Function
194 7.6.2.2 Semantics of the service primitive
7.6.2.3 When generated
7.6.2.4 Effect of receipt
195 7.7 CME-Sec SAP
7.7.1 CME-Sec-ReplayDetection.request
7.7.1.1 Function
7.7.1.2 Semantics of the service primitive
7.7.1.3 When generated
7.7.1.4 Effect of receipt
196 7.7.2 CME-Sec-ReplayDetection.confirm
7.7.2.1 Function
7.7.2.2 Semantics of the service primitive
7.7.2.3 When generated
7.7.2.4 Effect of receipt
7.8 Internal functions
7.8.1 General
197 7.8.2 CME-Function-ConstructCertificateChain
7.8.2.1 Input
7.8.2.2 Output
198 7.8.2.3 Summary
7.8.2.4 Processing
200 7.8.3 Sec-Function-CheckCertificateChainConsistency
7.8.3.1 Input
7.8.3.2 Output
7.8.3.3 Summary
7.8.3.4 Processing
202 7.8.4 Sec-Function-CheckChainPsidsConsistency
7.8.4.1 Input
7.8.4.2 Output
7.8.4.3 Summary
7.8.4.4 Processing
7.8.5 Sec-Function-CheckChainPsidPriorityConsistency
7.8.5.1 Input
203 7.8.5.2 Output
7.8.5.3 Summary
7.8.5.4 Processing
7.8.6 Sec-Function-CheckChainGeographicConsistency
7.8.6.1 Input
204 7.8.6.2 Output
7.8.6.3 Summary
7.8.6.4 Processing
7.8.7 Sec-Function-VerifyChainAndSignature
7.8.7.1 Input
205 7.8.7.2 Output
7.8.7.3 Summary
7.8.7.4 Processing
206 7.8.8 Sec-Function-DecryptData
7.8.8.1 Input
7.8.8.2 Output
7.8.8.3 Summary
207 7.8.8.4 Processing
7.8.9 Sec-Function-CertificateRequestErrrorVerification
7.8.9.1 Input
208 7.8.9.2 Output
7.8.9.3 Summary
7.8.9.4 Processing
209 7.8.10 Sec-Function-CertificateResponseVerification
7.8.10.1 Input
7.8.10.2 Output
210 7.8.10.3 Summary
7.8.10.4 Processing
212 Annex A (normative) Protocol Implementation Conformance Statement (PICS) proforma
A.1 Instructions for completing the PICS proforma
214 A.2 PICS proforma—IEEE Std 1609.2
224 Annex B (informative) IEEE 1609.2 security profiles
B.1 General
225 B.2 Secure data exchange
229 B.3 IEEE 1609.2 security profile proforma
232 Annex C (normative) IEEE 1609.2 security profile for specific use cases
C.1 SAE J2735 Basic Safety Message
234 C.2 WSA
236 Annex D (informative) Example and Use Cases
D.1 Examples of encoded data structures
240 D.2 Secure data reception
243 D.3 Certificate request
254 D.4 Signed WSA: full example with certificate request and WSA processing
265 D.5 Processing CRLs
267 D.6 Constructing a certificate chain
272 Annex E (informative) Rationale and FAQ
E.1 Introduction
E.2 General philosophy
275 E.3 System assumptions made in this standard
276 E.4 Cryptography
279 E.5 Secure data exchange
281 E.6 Signed WSAs
284 E.7 Certificate request
285 E.8 CRL use
E.9 Security mechanisms not included in this standard
288 Annex F (informative) Copyright statement for 6.1
289 Annex G (informative) Bibliography