Navigation and service

Cooperative intelligent transport systems (C-ITS)

Cooperative intelligent transport systems (C-ITS) enable connected road users and the transport infrastructure to exchange digital radio messages about traffic events and vehicle status. The aim of this communication between vehicles, traffic lights, gantries and construction site equipment is to increase traffic safety, prevent accidents and improve traffic flow.

The BSI's technical guideline TR-03164 expands on and clarifies the relevant IT security requirements of the underlying European Certificate Policy.

Use cases

A large number of practical applications are being developed or planned with regard to C-ITS, especially in the field of road traffic. These include, for example:

  • Roadworks warning: Drivers on motorways are warned of (short-term) roadworks and associated lane closures well in advance and can adapt their driving behaviour accordingly.
  • Traffic jam ahead-warning: Vehicles at the back of gridlocked traffic can warn approaching vehicles to prevent rear-end collisions.
  • In-vehicle signage: IVI messages can transmit information about fixed or dynamic traffic signs to vehicles and display them in the cockpit.

You can find an overview of other applications here. These services have been tested for several years as part of various projects and will be gradually introduced into regular operation.

The message formats used are defined in a set of ETSI Technical Specifications. Within the EU, intelligent transport systems are regulated by Directive 2010/40/EU. The directive defines priority measures for deployment and operation. It authorises the European Commission to issue specifications regarding compatibility, interoperability and continuity through delegated acts.

The messages exchanged can influence traffic events and ultimately the well-being of road users. This is why a high level of IT security is required for the use of C-ITS. In particular, appropriate measures need to be taken to ensure the integrity of the messages and the authenticity of the senders. An immediate measure is to ensure that all messages sent in C-ITS are digitally signed. The signature format and the cryptographic algorithms to be applied are also specified by ETSI.

The use of signatures requires a suitable public key infrastructure (PKI) through which all participants can obtain authentic signature keys. The central entities of the PKI, in particular the Trust List Manager, are maintained by the European Commission. The root certification authorities, which can be maintained by transport authorities in the member states or private companies such as vehicle manufacturers, are in the next hierarchical level down. The enrolment and authorisation authorities, which issue the certificates for the end entities, are another level lower in the hierarchy. These are the C-ITS communication units installed in vehicles or transport infrastructure components. In the interest of data protection the system allows for the anonymous issue of certificates, which makes it difficult to link the messages sent. In Europe, the overall PKI system is also referred to as the European C-ITS Security Credential Management System (EU CCMS).

IT security management is required to operate the entities of the PKI. The overall architecture of the PKI and the required measures, including the requirements for the processes for issuing, managing and revoking certificates, are described in a Certificate Policy, which was also developed by the EU Commission.

A corresponding audit is planned for the entities in active operation. The Commission requires components that process messages and signatures in vehicles and in the transport infrastructure to be certified according to Common Criteria.

Uniform level of security

Technical Guideline BSI TR-03164 expands on and clarifies the requirements of the Certificate Policy. It therefore provides a uniform basis for interpreting the relevant requirements and gives specific recommendations for implementation where there is scope for flexibility. The technical guideline therefore helps to create clarity for those involved both from industry and the public sector and to achieve a comparable level of security among the stakeholders.

TR-03164 consists of two parts. The first part acts as a guideline for PKI operators for the implementation and operation of certification authorities within the European C-ITS PKI. The second part deals with the requirements for the C-ITS stations (i.e. the communication components in vehicles and the transport infrastructure) and their operators. The configuration, registration and operation of these components are addressed in particular.

So far, two protection profiles have been certified by the BSI according to Common Criteria for the C-ITS application area.

The. Protection Profile V2X Hardware Security Module defines the requirements for a hardware security module (HSM) and associated software used in mobile or stationary C-ITS components for cryptographic functions and key management.

In the Protection Profile for a Roadworks Warning Unit, the target of evaluation is defined as a roadworks warning unit that is primarily used on dedicated trailers for roadworks. The unit is capable of collecting C-ITS messages from passing vehicles and using them for traffic monitoring purposes. Likewise, the unit can send warning messages to vehicles.