Service Specific Permissions and Security Guidelines for Connected Vehicle Applications
J2945/5_202002
SAE is developing a number of standards, including the SAE J2945/x and SAE J3161/x series, that specify a set of applications using message sets from the SAE J2735 data dictionary. (“Application” is used here to mean “a collection of activities including interactions between different entities in the service of a collection of related goals and associated with a given IEEE Provider Service Identifier (PSID)”). Authenticity and integrity of the communications for these applications are ensured using digital signatures and IEEE 1609.2 digital certificates, which also indicate the permissions of the senders using Provider Service Identifiers (PSIDs) and Service Specific Permissions (SSPs). The PSID is a globally unique identifier associated with an application specification that unambiguously describes how to build interoperable instances of that application. If the application features multiple activities such that different activities have different security impacts, correspond to different roles, or require different capabilities, then the application specifier should define an SSP data structure such that the contents of the SSP in a given certificate indicate which activities the certificate holder is entitled to carry out.
This document establishes a security systems engineering process that can be used by future application specifiers to (1) determine which fields and activities should be subject to SSP constraints, and (2) specify a syntax and semantics for the SSPs for that application. It also addresses the development of SSPs for scenarios not addressed in the original application specification; for example, arising from regional extensions, changes in application functionality, or future expansions of the base SAE J2735 standard.
Rationale:
The Technical Committees under the SAE Vehicle to Everything (V2X) Steering Committee are developing a series of standards that specify a set of applications that use message sets from the SAE J2735 data dictionary. The communications for these applications are secured using digital signatures and IEEE 1609.2 digital certificates, which indicate the permissions of the senders using Provider Service Identifiers (PSID) and (optionally) Service Specific Permissions (SSPs). The PSID in a certificate governs the certificate holder’s permissions to engage in any communications activities associated with that application; the SSP allows more specific statements of the holder’s permissions within the universe of that application. For any given application based on SAE J2735, a complete application specification will include a specification of how the contents of the PSID and (if present) SSP fields in a given certificate correspond to the application activities that certificate holder is entitled to carry out. This document establishes principles that can be used by future application specifiers to (1) specify the syntax of SSPs, and (2) determine which fields and activities should be subject to SSP constraints. It also addresses the development of SSPs for scenarios not addressed in the original application specification; for example, arising from regional extensions, changes in application functionality, or future expansions of the base SAE J2735 standard.
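The permission model described in the abstract and rationale above (PSID selects the application, the optional SSP narrows which activities the certificate holder may carry out) can be made concrete as a receiver-side authorization check. This is an added example, not code from SAE J2945/5 or any SAE or IEEE reference implementation; the PSID value, the two-octet version-plus-bitmap SSP layout, the activity names and the "no SSP grants only the baseline activity" rule are all assumptions for illustration, since the page itself defines no SSP syntax.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical values for this example only: a PSID for one application and an
# SSP layout of [version octet][activity bitmap octet]. Neither comes from the page.
EXAMPLE_PSID = 0x20
SSP_VERSION = 1
ACTIVITY_BITS = {
    "send_basic_status": 0x01,        # baseline activity every sender may perform
    "send_event_flags": 0x02,         # higher-impact activity, needs explicit grant
    "send_regional_extension": 0x04,  # regional extension, needs explicit grant
}

@dataclass
class PsidSsp:
    """One appPermissions entry of a 1609.2 certificate (simplified model)."""
    psid: int
    ssp: Optional[bytes] = None  # None: PSID granted without an SSP

@dataclass
class Certificate:
    app_permissions: list  # list of PsidSsp

def activity_permitted(cert: Certificate, psid: int, activity: str) -> bool:
    """Receiver-side check: does `cert` entitle the holder to `activity` under `psid`?"""
    for perm in cert.app_permissions:
        if perm.psid != psid:
            continue  # entry belongs to another application; keep looking
        if perm.ssp is None:
            # Assumed application rule: an SSP-less entry grants only the baseline activity.
            return activity == "send_basic_status"
        if len(perm.ssp) != 2 or perm.ssp[0] != SSP_VERSION:
            return False  # malformed or unknown SSP version: deny rather than guess
        bit = ACTIVITY_BITS.get(activity)
        return bit is not None and bool(perm.ssp[1] & bit)
    return False  # PSID absent from certificate: no permission for this application

def denied_activities(cert: Certificate, psid: int, activities: list) -> list:
    """Activities a message claims that the signing certificate does not cover."""
    return [a for a in activities if not activity_permitted(cert, psid, a)]

if __name__ == "__main__":
    # Constructed certificate: SSP v1 granting bits 0x01 and 0x02 but not 0x04.
    cert = Certificate([PsidSsp(EXAMPLE_PSID, bytes([SSP_VERSION, 0x03]))])
    claimed = ["send_basic_status", "send_event_flags", "send_regional_extension"]
    print("denied:", denied_activities(cert, EXAMPLE_PSID, claimed))  # ['send_regional_extension']
```

A receiver that finds any denied activity should reject the message even though its signature verifies, because a valid signature only proves who sent it, not that the sender was entitled to send that content.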
Related Topics:
Systems engineering
Intelligent Transportation Systems
Vehicle to vehicle (V2V)
Connectivity
Cybersecurity
Also known as: SAE J 2945/5