press release
Together with the Federal Highway Research Institute (BASt), TÜV Informationstechnik (TÜVIT) has developed a protection profile for a Roadside ITS Station Gateway (RGW). It forms the basis for the safe use of cooperative intelligent transport systems.
An approaching traffic jam, a traffic light jumping or an imminent dangerous situation: vehicles that communicate with each other and with the roadside infrastructure and inform drivers on an event-driven basis represent the networked mobility of tomorrow. However, it is extremely important that the underlying information and communication technology is secure and trustworthy. This is because traffic data is processed and transmitted and must be protected against manipulation. For this reason, TÜVIT, together with the Federal Highway Research Institute, has developed a protection profile for a Roadside ITS Station Gateway in accordance with Common Criteria (CC) (BSI-CC-PP-0122-2024).
The RGW is an essential (software) component of a Roadside ITS Station (R-ITS-S), i.e. an electronic device that is mounted on traffic lights, variable message signs or mobile roadworks warning devices, for example. It sends messages to vehicles to warn them of certain events (e.g. roadworks) or to inform them about road traffic. The R-ITS-S also receives messages to analyse the traffic flow, for example.
The information in the transmitted messages can originate from sensors or have been transmitted by a traffic control centre. The R-ITS-S thus serves as an important interface for communication between different traffic telematics systems. Manufacturers can now prove that this communication and the exchange of information behind it are secure by means of an evaluation and certification based on the newly developed protection profile "Protection Profile for a Roadside ITS Station Gateway". It contains the minimum requirements that are placed on the security functionalities of an RGW, such as cryptography or authentication.
"The protection profile developed by us together with the Federal Highway Research Institute forms an important cornerstone for the secure use of cooperative intelligent transport systems (C-ITS) and is a milestone for the direct networking of vehicles with the transport infrastructure," says Maximilian Wahner, IT security expert for software testing at TÜVIT. "In view of the fact that it is also one of the first protection profiles worldwide in accordance with the new Common Criteria version CC:2022, it also has a particularly pioneering character."
The protection profile was developed and harmonised with public and private partners from a total of 19 European member states in the context of the EU-funded C-Roads platform. In future, it will enable full conformity with the relevant policy documents of the European Commission, which require the certification of C-ITS stations according to Common Criteria.
With the publication of BSI-CC-PP-0122-2024, the future minimum standards for the security of the software components of Roadside ITS Station Gateways have been officially set. As a test centre recognised by the German Federal Office for Information Security (BSI), TÜVIT is now carrying out CC security evaluations in accordance with the new protection profile and supporting manufacturers on the path to successful certification.
TÜV Informationstechnik GmbH (headquartered in Essen, Germany) is a renowned IT security service provider and an independent testing institute and laboratory for IT security and cyber security in digitalisation. TÜVIT has been accredited worldwide since 1995 and creates trust in security measures at the level of business processes, data, applications and technologies through vulnerability analyses, audits and evaluations. TÜVIT is a powerful partner in detecting and responding to cyber attacks and ensures rapid restoration of business capability. In this way, businesses, public authorities and operators of critical infrastructures strengthen their regulatory compliance in the areas of confidentiality, integrity and availability as well as their holistic cyber resilience and IT security in the supply chain.
Together with ALTER TECHNOLOGY, TÜVIT forms the Digital & Semiconductor business unit. The business unit is a key pillar of the TÜV NORD GROUP, a knowledge company that has stood for security and trust worldwide for over 150 years. Engineers and IT security experts in more than 100 countries ensure that companies become even more successful in the networked world.
