Service Specific Permissions and Security Guidelines for Connected Vehicle Applications
- Ground Vehicle Standard
- J2945/5_202002
- Issued
Language: English
Scope
SAE is developing a number of standards, including the SAE J2945/x and SAE J3161/x series, that specify a set of applications using message sets from the SAE J2735 data dictionary. (“Application” is used here to mean “a collection of activities including interactions between different entities in the service of a collection of related goals and associated with a given IEEE Provider Service Identifier (PSID)”). Authenticity and integrity of the communications for these applications are ensured using digital signatures and IEEE 1609.2 digital certificates, which also indicate the permissions of the senders using Provider Service Identifiers (PSIDs) and Service Specific Permissions (SSPs). The PSID is a globally unique identifier associated with an application specification that unambiguously describes how to build interoperable instances of that application. If the application features multiple activities such that different activities have different security impacts, correspond to different roles, or require different capabilities, then the application specifier should define an SSP data structure such that the contents of the SSP in a given certificate indicate which activities the certificate holder is entitled to carry out.
This document establishes a security systems engineering process that can be used by future application specifiers to (1) determine which fields and activities should be subject to SSP constraints, and (2) specify a syntax and semantics for the SSPs for that application. It also addresses the development of SSPs for scenarios not addressed in the original application specification; for example, arising from regional extensions, changes in application functionality, or future expansions of the base SAE J2735 standard.
Rationale
The Technical Committees under the SAE Vehicle to Everything (V2X) Steering Committee are developing a series of standards that specify a set of applications that use message sets from the SAE J2735 data dictionary. The communications for these applications are secured using digital signatures and IEEE 1609.2 digital certificates, which indicate the permissions of the senders using Provider Service Identifiers (PSID) and (optionally) Service Specific Permissions (SSPs). The PSID in a certificate governs the certificate holder’s permissions to engage in any communications activities associated with that application; the SSP allows more specific statements of the holder’s permissions within the universe of that application. For any given application based on SAE J2735, a complete application specification will include a specification of how the contents of the PSID and (if present) SSP fields in a given certificate correspond to the application activities that certificate holder is entitled to carry out. This document establishes principles that can be used by future application specifiers to (1) specify the syntax of SSPs, and (2) determine which fields and activities should be subject to SSP constraints. It also addresses the development of SSPs for scenarios not addressed in the original application specification; for example, arising from regional extensions, changes in application functionality, or future expansions of the base SAE J2735 standard.
Data Sets - Support Documents
Title | Description | Download |
---|---|---|
Unnamed Dataset 1 | | |
Unnamed Dataset 2 | | |
Unnamed Dataset 3 | | |
Unnamed Dataset 4 | | |
Unnamed Dataset 5 | | |
Table 1 | Risk analysis: | |
Table 2 | Entity activity groups: | |
Unnamed Dataset 8 | | |
Table 3 | Entity activity groups: | |
Unnamed Dataset 10 | | |
Table A1 | Risk analysis: weather data collection | |
Table A2 | Risk analysis: provide weather-related traveler information | |
Table A3 | Risk analysis: manage roadway treatment plans | |
Table A4 | Entity activity groups: road weather reporting | |
Issuing Committee
V2X Security Technical Committee
Over-the-air security