Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
This standard is developed in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. The issuing body of this document shall not be held responsible for identifying any or all such patent rights.
This standard was proposed by and is under the jurisdiction of China Communications Standards Association.
General technical requirements of security for vehicular communication based on LTE
1 Scope
This standard specifies the general technical requirements, interface security requirements and security procedure of security for vehicular communication based on LTE.
It is applicable to vehicular communication system based on LTE.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced documents (including any amendments) applies.
GB/T 37376-2019 Transportation - Digital certificate format
GB/T 37374-2019 Intelligent transport - Digital certificate application interface
3GPP TS 33.210 3G security; Network domain security (NDS); IP network layer security
3GPP TS 33.223 Generic authentication architecture (GAA); Generic bootstrapping architecture (GBA) push function
3GPP TS 33.246 3G security; Security of multimedia broadcast / multicast service (MBMS)
IEEE Std 1363 IEEE standard specifications for public-key cryptography
IEEE Std 1363a IEEE standard specifications for public-key cryptography - Amendment 1: Additional techniques
IEEE Std 1609.2-2016 IEEE standard for wireless access in vehicular environments (WAVE) - Security services for applications and management messages
IETF RFC 5639 Elliptic curve cryptography (ECC) brainpool standard curves and curve generation
FIPS-197 Advanced encryption standard
FIPS PUB 180 Secure hash standard
FIPS PUB 186-4 Digital signature standard
GM/T 0002 SM4 block cipher algorithm
GM/T 0003 Public key cryptographic algorithm SM2 based on elliptic curves
GM/T 0004 SM3 cryptographic hash algorithm
GM/T 0015 Digital certificate format based on SM2 algorithm
NIST SP 800-38C Recommendation for block cipher modes of operation: the CCM mode for authentication and confidentiality
NIST SP 800-56A Recommendation for pair-wise key establishment
3 Abbreviations
For the purposes of this document, the following abbreviations apply.
BM-SC Broadcast-Multicast Service Centre
BSF Bootstrapping Server Function
CA Certificate Authority
E-UTRAN Evolved UTRAN
GCSAS Group Communication System Application Server
LTE Long Term Evolution
MBMS Multimedia Broadcast/Multicast Service
NAF Network Application Function
PLMN Public Land Mobile Network
USS User Security Setting
V2I Vehicle to Infrastructure
V2N Vehicle to Network
V2P Vehicle to Pedestrian
V2V Vehicle to Vehicle
4 Vehicular communication architecture based on LTE
4.1 General
The vehicular communication architecture based on LTE system supports V2V application, V2I application, V2N application and V2P application, which can be used to provide users with various services such as road safety, traffic efficiency improvement and infotainment.
V2X communication is provided with two operation modes: PC5-based V2X communication and LTE-Uu-based V2X communication.
Wherein, the latter may be unicast or broadcast. The V2X equipment may receive and send messages using the two operation modes respectively. Example: a V2X equipment may receive V2X messages using downlink broadcast of LTE-Uu, but send V2X messages without using LTE-Uu. A V2X equipment may also receive V2X messages via LTE-Uu downlink unicast.
The V2X communication is based on PC5 reuses one-to-many ProSe for direct communication transmission procedure. The PC5-U protocol stack as defined in proximity communication is used for the V2X communication transmission based on PC5 interface.
The general technical requirements of security for V2X communication based on PC5 and LTE-Uu are prepared in this standard.
4.2 V2X communication architecture based on PC5 and LTE-Uu
4.2.1 V2X communication architecture based on PC5 and LTE-Uu in non-roaming scenarios
Figure 1 shows the V2X communication architecture based on PC5 and LTE-Uu in non-roaming scenarios.
Figure 1 V2X communication architecture based on PC5 and LTE-Uu in non-roaming scenarios
4.2.2 V2X communication architecture based on PC5 and LTE-Uu in roaming scenarios
Figure 2 shows the V2X architecture based on PC5 and LTE-Uu in roaming scenarios, V2X equipment A home PLMNA, V2X equipment B home PLMNB, V2X equipment A roaming to PLMNB, and V2X equipment B non-roaming.
The V2X application server may be connected to multiple PLMNs. Example: a V2X application server may be connected to V2X control function entities in PLMN A or those in PLMN B.
Figure 1 V2X communication architecture based on PC5 and LTE-Uu in roaming scenarios
4.2.3 V2X communication architecture based on PC5 and LTE-Uu in cross-PLMN scenarios
Figure 3 shows the V2X architecture based on PC5 and LTE-Uu in cross-PLMN roaming scenarios, V2X equipment A home PLMN A, V2X equipment B home PLMN B, V2X equipment A roaming to PLMN C, and V2X equipment B non-roaming.
Figure 3 V2X architecture based on PC5 and LTE-Uu in cross-PLMN scenarios
4.2.4 Reference point
Reference points of V2X communication architecture based on PC5 and LTE-Uu contain:
——V1: the reference point between the V2X application (in the V2X equipment) and the V2X application server.
——V2: the reference point between the V2X application server and V2X control function. The V2X application server may be connected to multiple V2X control functions belonging to PLMN.
——V3: the reference point between the V2X equipment and the V2X control function in home PLMN. It is applicable to V2X communication based on PC5 and LTE-Uu; the V2X communication based on LTE-Uu may support MBMS optionally.
——V4: the reference point between the HSS and the V2X control function in the operator's network.
——V5: the reference point between the V2X applications of different V2X equipment.
——V6: the reference point between the V2X control functions in different PLMNs.
——PC5: the reference point for ProSe direct communication in user plane between the V2X equipment using V2X service.
——S6a: in the V2X scenario, MME can download subscription information related to V2X communication during E-UTRAN attach procedure or to inform the subscription information in the HSS to MME when the information is changed.
——S1-MME: in the V2X scenario, the reference point is used to send the V2X service authorization from MME to eNodeB.
——LTE-Uu: the reference point between the UE and the E-UTRAN.
4.3 V2X communication architecture based on MBMS and LTE-Uu
Figure 4 shows the V2X communication architecture based on MBMS and LTE-Uu.
Figure 4 V2X architecture based on MBMS and LTE-Uu
The reference points of this architecture are as follows:
——MB2: the reference point between V2X application server and BM-SC.
——SGmb/SGi-mb/M1/M3: the SGmb/SGi-mb/M1/M3 reference points in the MBMS system.
4.4 Vehicular communication security architecture based on LTE
4.4.1 Vehicular communication security protocol architecture based on LTE
The vehicular communication security based on LTE contains bearing security (PC5 security or LTE-UU security) and V2X application security. Figure 5 shows the V2X security architecture based on PC5, and Figure 6 shows the V2X security architecture based on LTE-UU.
Foreword i
1 Scope
2 Normative references
3 Abbreviations
4 Vehicular communication architecture based on LTE
4.1 General
4.2 V2X communication architecture based on PC5 and LTE-Uu
4.3 V2X communication architecture based on MBMS and LTE-Uu
4.4 Vehicular communication security architecture based on LTE
5 Requirements of security for vehicular communication based on LTE
5.1 General security requirements
5.2 Security requirements of network elements
6 Security procedure of V5 interface
6.1 General
6.2 Description of basic security elements
6.3 General requirements for security data structure
6.4 Public key certificate format
6.5 Message signature process
6.6 Message encryption process
6.7 Key agreement
7 Other interface security procedures
7.1 V2X communication security procedure between network elements
7.2 Security procedure of V3 interface
7.3 Security procedure of MB2 interface
Annex A (Normative) Algorithm description
Annex C (Informative) Public key certificate management
Annex D (Informative) V5 interface data message
Annex E (Informative) Key agreement calculation process
Annex F (Informative) Certificate request and response
Annex G (Informative) Allocation suggestions on security-related AID value
Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
This standard is developed in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. The issuing body of this document shall not be held responsible for identifying any or all such patent rights.
This standard was proposed by and is under the jurisdiction of China Communications Standards Association.
General technical requirements of security for vehicular communication based on LTE
1 Scope
This standard specifies the general technical requirements, interface security requirements and security procedure of security for vehicular communication based on LTE.
It is applicable to vehicular communication system based on LTE.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced documents (including any amendments) applies.
GB/T 37376-2019 Transportation - Digital certificate format
GB/T 37374-2019 Intelligent transport - Digital certificate application interface
3GPP TS 33.210 3G security; Network domain security (NDS); IP network layer security
3GPP TS 33.223 Generic authentication architecture (GAA); Generic bootstrapping architecture (GBA) push function
3GPP TS 33.246 3G security; Security of multimedia broadcast / multicast service (MBMS)
IEEE Std 1363 IEEE standard specifications for public-key cryptography
IEEE Std 1363a IEEE standard specifications for public-key cryptography - Amendment 1: Additional techniques
IEEE Std 1609.2-2016 IEEE standard for wireless access in vehicular environments (WAVE) - Security services for applications and management messages
IETF RFC 5639 Elliptic curve cryptography (ECC) brainpool standard curves and curve generation
FIPS-197 Advanced encryption standard
FIPS PUB 180 Secure hash standard
FIPS PUB 186-4 Digital signature standard
GM/T 0002 SM4 block cipher algorithm
GM/T 0003 Public key cryptographic algorithm SM2 based on elliptic curves
GM/T 0004 SM3 cryptographic hash algorithm
GM/T 0015 Digital certificate format based on SM2 algorithm
NIST SP 800-38C Recommendation for block cipher modes of operation: the CCM mode for authentication and confidentiality
NIST SP 800-56A Recommendation for pair-wise key establishment
3 Abbreviations
For the purposes of this document, the following abbreviations apply.
BM-SC Broadcast-Multicast Service Centre
BSF Bootstrapping Server Function
CA Certificate Authority
E-UTRAN Evolved UTRAN
GCSAS Group Communication System Application Server
LTE Long Term Evolution
MBMS Multimedia Broadcast/Multicast Service
NAF Network Application Function
PLMN Public Land Mobile Network
USS User Security Setting
V2I Vehicle to Infrastructure
V2N Vehicle to Network
V2P Vehicle to Pedestrian
V2V Vehicle to Vehicle
4 Vehicular communication architecture based on LTE
4.1 General
The vehicular communication architecture based on LTE system supports V2V application, V2I application, V2N application and V2P application, which can be used to provide users with various services such as road safety, traffic efficiency improvement and infotainment.
V2X communication is provided with two operation modes: PC5-based V2X communication and LTE-Uu-based V2X communication.
Wherein, the latter may be unicast or broadcast. The V2X equipment may receive and send messages using the two operation modes respectively. Example: a V2X equipment may receive V2X messages using downlink broadcast of LTE-Uu, but send V2X messages without using LTE-Uu. A V2X equipment may also receive V2X messages via LTE-Uu downlink unicast.
The V2X communication is based on PC5 reuses one-to-many ProSe for direct communication transmission procedure. The PC5-U protocol stack as defined in proximity communication is used for the V2X communication transmission based on PC5 interface.
The general technical requirements of security for V2X communication based on PC5 and LTE-Uu are prepared in this standard.
4.2 V2X communication architecture based on PC5 and LTE-Uu
4.2.1 V2X communication architecture based on PC5 and LTE-Uu in non-roaming scenarios
Figure 1 shows the V2X communication architecture based on PC5 and LTE-Uu in non-roaming scenarios.
Figure 1 V2X communication architecture based on PC5 and LTE-Uu in non-roaming scenarios
4.2.2 V2X communication architecture based on PC5 and LTE-Uu in roaming scenarios
Figure 2 shows the V2X architecture based on PC5 and LTE-Uu in roaming scenarios, V2X equipment A home PLMNA, V2X equipment B home PLMNB, V2X equipment A roaming to PLMNB, and V2X equipment B non-roaming.
The V2X application server may be connected to multiple PLMNs. Example: a V2X application server may be connected to V2X control function entities in PLMN A or those in PLMN B.
Figure 1 V2X communication architecture based on PC5 and LTE-Uu in roaming scenarios
4.2.3 V2X communication architecture based on PC5 and LTE-Uu in cross-PLMN scenarios
Figure 3 shows the V2X architecture based on PC5 and LTE-Uu in cross-PLMN roaming scenarios, V2X equipment A home PLMN A, V2X equipment B home PLMN B, V2X equipment A roaming to PLMN C, and V2X equipment B non-roaming.
Figure 3 V2X architecture based on PC5 and LTE-Uu in cross-PLMN scenarios
4.2.4 Reference point
Reference points of V2X communication architecture based on PC5 and LTE-Uu contain:
——V1: the reference point between the V2X application (in the V2X equipment) and the V2X application server.
——V2: the reference point between the V2X application server and V2X control function. The V2X application server may be connected to multiple V2X control functions belonging to PLMN.
——V3: the reference point between the V2X equipment and the V2X control function in home PLMN. It is applicable to V2X communication based on PC5 and LTE-Uu; the V2X communication based on LTE-Uu may support MBMS optionally.
——V4: the reference point between the HSS and the V2X control function in the operator's network.
——V5: the reference point between the V2X applications of different V2X equipment.
——V6: the reference point between the V2X control functions in different PLMNs.
——PC5: the reference point for ProSe direct communication in user plane between the V2X equipment using V2X service.
——S6a: in the V2X scenario, MME can download subscription information related to V2X communication during E-UTRAN attach procedure or to inform the subscription information in the HSS to MME when the information is changed.
——S1-MME: in the V2X scenario, the reference point is used to send the V2X service authorization from MME to eNodeB.
——LTE-Uu: the reference point between the UE and the E-UTRAN.
4.3 V2X communication architecture based on MBMS and LTE-Uu
Figure 4 shows the V2X communication architecture based on MBMS and LTE-Uu.
Figure 4 V2X architecture based on MBMS and LTE-Uu
The reference points of this architecture are as follows:
——MB2: the reference point between V2X application server and BM-SC.
——SGmb/SGi-mb/M1/M3: the SGmb/SGi-mb/M1/M3 reference points in the MBMS system.
4.4 Vehicular communication security architecture based on LTE
4.4.1 Vehicular communication security protocol architecture based on LTE
The vehicular communication security based on LTE contains bearing security (PC5 security or LTE-UU security) and V2X application security. Figure 5 shows the V2X security architecture based on PC5, and Figure 6 shows the V2X security architecture based on LTE-UU.
Contents of YD/T 3594-2019
Foreword i
1 Scope
2 Normative references
3 Abbreviations
4 Vehicular communication architecture based on LTE
4.1 General
4.2 V2X communication architecture based on PC5 and LTE-Uu
4.3 V2X communication architecture based on MBMS and LTE-Uu
4.4 Vehicular communication security architecture based on LTE
5 Requirements of security for vehicular communication based on LTE
5.1 General security requirements
5.2 Security requirements of network elements
6 Security procedure of V5 interface
6.1 General
6.2 Description of basic security elements
6.3 General requirements for security data structure
6.4 Public key certificate format
6.5 Message signature process
6.6 Message encryption process
6.7 Key agreement
7 Other interface security procedures
7.1 V2X communication security procedure between network elements
7.2 Security procedure of V3 interface
7.3 Security procedure of MB2 interface
Annex A (Normative) Algorithm description
Annex C (Informative) Public key certificate management
Annex D (Informative) V5 interface data message
Annex E (Informative) Key agreement calculation process
Annex F (Informative) Certificate request and response
Annex G (Informative) Allocation suggestions on security-related AID value
