Oct 29, 2020
C-ITS is a technology that allows vehicles to communicate digitally with the road infrastructure. To exchange security-relevant traffic information via Internet, a secure and reliable exchange must be guaranteed and protective mechanisms - for example against cyber attacks - must be developed. For this purpose so-called security certificates are currently being developed.
(Security) certificates are used to ensure communication between two persons or vehicles on several levels. On the one hand, a certificate should guarantee secure, i.e. trustworthy, communication. That means the certificate is the proof that the person who tries to reach me is actually the person I want to communicate with. Another aspect of certificates is the security of data against manipulation, so one can rely on the transmitted information. In all aspects of C-IST data protection must always be considered. Theoretically, vehicle-to-vehicle communication can be used to determine the location of a vehicle and the distance it has traveled. In order to ensure data protection for the driver, a system with changing certificates has been developed in the EU over the last five years and is currently being tested. This means that a vehicle is assigned a number of certificates and these change at regular intervals to prevent the vehicle from being tracked continuously.
There are pan-European main certification centers that can provide certificates for different authorities, these are called root certification centers. All trusted certification centers are listed on a so-called "Trust List" and approved by the European C-ITS Contact Point (CPOC). This is, so to speak, the trust basis on which the further certificate change is built.
In addition to the root certification authorities, two other authorities exist: the so-called Enrolment Authority and the Authorization Authority. These two authorities are there to make it more difficult to continuously track a specific vehicle with C-ITS. This is achieved with the process shown in the figure: The Enrolment Authority provides the ITS station with enrolment credentials. The ITS station uses these credentials to request authorized certificates from the Authorization Authority. Once everything has been checked and is correct, the ITS station receives a set of authorized certificates that it may use to sign C-ITS messages. These certificates are changed regularly (at short intervals, e.g. every three minutes or every 500 meters) and make it difficult to track a vehicle on its route.
As part of the C-Roads project, AustriaTech assisted in the development of the certificate process. AustriatTech also assisted in the operational rollout by regularly coordinating with future. In addition, AustriaTech has been registered with the European root certificate authority since 2020 and thus receives corresponding certificates required for testing C-ITS services with the company's own Mobile Lab. The Mobile Lab is a vehicle equipped with various devices for sending and receiving C-ITS messages. It is currently being used intensively to verify that C-ITS messages are sent correctly and interoperably.
The knowledge of the certificates will additionally be contributed to the two Horizon 2020 projects SerIoT and ICT4CART to support their developments in the field of cyber security. 
© ETSI 2018
Quelle: ETSI TS 102 940, V1.3.1 Figure 11, 2018, S. 33
