ODOT Cooperative ITS Credentials Management System
Status: Planned
Description
The 'Cooperative ITS Credentials Management System' (CCMS) is a high–level aggregate representation of the interconnected systems that enable trusted communications between mobile devices and other mobile devices, roadside devices, and centers and protect data they handle from unauthorized access. Representing the different interconnected systems that make up a Public Key Infrastructure (PKI), this physical object represents an end user view of the credentials management system with focus on the exchanges between the CCMS and user devices that support the secure distribution, use, and revocation of trust credentials.
Stakeholders
| Stakeholder | Role | Role Status |
|---|
| DriveOhio | Owns | Planned |
|---|
Physical Objects
Functional Objects
| Functional Object | Description | User Defined |
|---|
| CCMS Authorization | 'CCMS Authorization' components provide authorization credentials (e.g., pseudonym certificates) to end entities. The end entity applies for and obtains authorization credentials, enabling the end entity to enter the "Operational" state. This function requires an interactive dialog, including at minimum a Certificate Request from the end entity desiring certificates. This request will be checked for validity, with the embedded enrollment certificate checked against an internal blacklist. If all checks are passed, this function will distribute a bundle of linked pseudonym certificates suitable for use by the requesting end entity, with the characteristics and usage rules of those certificates dependent on the operational policies of the CCMS. It also provides the secure provisioning of a given object's Decryption Key in response to an authorized request from that object. The retrieved Decryption Key will be used by the receiving object to decrypt the "next valid" batch within the set of previously retrieved Security Credential batches. | False |
|---|
| CCMS Enrollment | 'CCMS Enrollment' components provide enrollment credentials to end entities. The end entity applies for and obtains enrollment credentials that can be used to communicate with other CCMS components, entering the "Unauthorized" state. CCMS Enrollment components also participate in de–registration processes through interaction with CCMS Revocation components. | False |
|---|
| CCMS Misbehavior Reporting and Action | 'CCMS Misbehavior Reporting and Action' components process misbehavior reports from end entities. Misbehavior reports are analyzed and investigated if warranted. Investigated misbehavior reports are correlated with end entities and systemic issues are identified. If revocation is warranted, this component provides information to Authorization or Revocation components to initiate revocation and/or blacklisting, as appropriate. | False |
|---|
| CCMS Provisioning | 'CCMS Provisioning' components provide the end entity with material that allows it to enter the 'Unenrolled' state. This consists of root certificates and the crypto material that allows it to communicate securely with the Enrollment components. This function ensures the requesting entity meets requirements for provisioning and provides the certificates and relevant policy information to entities that meet the requirements. | False |
|---|
| CCMS Revocation | 'CCMS Revocation' components generate the internal blacklist and Certificate Revocation List (CRL) and distribute them to other CCMS components and end entities. Once placed on the CRL, an end entity is in the Unauthorized state. Once placed on the blacklist, an end entity is in the Unenrolled state. | False |
|---|
| ITS Communications Support | 'ITS Communications Support' provides means to send and receive messages to and from other ITS Objects. It provides mechanisms for scheduling and prioritizing communications traffic. It may also provide relay functions. | False |
|---|
Physical Standards
| Document Number | Title | Description |
|---|
| ISO 21217 | Intelligent transport systems –– Communications access for land mobiles (CALM) –– Architecture | ISO 21217 describes the communications reference architecture of nodes called "ITS station units" designed for deployment in ITS communication networks. While it describes a number of ITS station elements, whether or not a particular element is implemented in an ITS station unit depends on the specific communication requirements of the implementation. It also describes the various communication modes for peer–to–peer communications over various networks between ITS communication nodes. These nodes may be ITS station units as described in the document or any other reachable nodes. ISO 21217 specifies the minimum set of normative requirements for a physical instantiation of the ITS station based on the principles of a bounded secured managed domain. |
|---|
| NIST FIPS PUB 140–2 | Security Requirements for Cryptographic Modules | This Federal Information Processing Standard (140–2) specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and environments. The areas covered, related to the secure design and implementation of a cryptographic module, include specification; ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self–tests; design assurance; and mitigation of other attacks. |
|---|
Interfaces To
(View Context Diagram)