IDnomic C-ITS PKI
Collaborative Intelligent Transport Systems (C-ITS) PKI for a connected, smarter, and safer traffic
The C-ITS standardization defined as a prerequisite for interoperability, the use of public key infrastructures known as CITS PKIs. The C-ITS PKI issues digital certificates to On Board Units (OBUs) and Road Side Units (RSUs). The use of these certificates by the stations enables secure Vehicle to Vehicle and Vehicle to Infrastructure (commonly known as V2X) communication. The C-ITS PKI has been designed to meet several requirements, especially making it possible to:
- React instantaneously on unexpected road events to enhance road safety.
- Authenticate via digital certificates stations delivering C-ITS services.
- Protect data and communication between stations with certificate based digital signature
- Know which messages to trust or to ignore in an automated way.
- Block a misbehaving station if necessary.
- Preserve privacy by making it impossible to track the movements of an OBU through certificate pseudonymization.
The certificate format specified in both the ETSI and IEEE standards is the same but it does not correspond to the well-known X.509 format used in classic PKI implementations. It is based on simple and optimized data structures so that stations can quickly parse and process a certificate.
IDnomic C-ITS PKI supports both European and North American standards’ PKI architectures:
In particular, the following key components are implemented:
- Root Authority: Issuing certificates of its Sub-CAs, the Enrolment and Authorization Authorities.
- Enrolment Authority (EA): Used to register stations and issues long-term certificates named Enrolment Certificates (EC), receives and answers to validation requests sent by the Authorization Authority.
- Authorization Authority (AA): Issues short-term certificates named Authorization Tickets (AT) to the stations, receives and answers to certificate requests sent by the C-ITS stations.
- Distribution Center (DC): Directory service providing CA certificates, subscriber certificates, certificate trust lists, and revocation lists for download.
- Registration Authority (RA): Central permission validation and distribution point between the C-ITS stations and the CAs (only for the US PKI scheme)
IDnomic C-ITS PKI supports the main EU and US C-ITS standards:
- ETSI TS 102940, 102941 and 103097 for Europe
- IEEE 1609.2.1 for North America