Your C-ITS solution tested for security
The automotive world of tomorrow will be defined by vehicles that not only communicate with each other, but also with the roadside infrastructure and other road users. Cooperative Intelligent Transport Systems (C-ITS) and Car2X communication already represent the future of intelligent vehicle networking today. The centerpiece: trustworthy and above all secure information and communication technology.
We support you on your way to an IT-secure C-ITS solution: from planning or further development, through testing, to successful certification according to the security requirements of the European Commission.
Our services in the field of C-ITS at a glance
Project-specific workshops in preparation for C-ITS certification.
Accompaniment & support for the development of a public key infrastructure (PKI).
Analysis / evaluation
Evaluation of applied security procedures & classification of the current security level.
Certification / conformity assessment
Review of the processes & documentation according to the security requirements of the EU Commission.
C-ITS Stations: Evaluation & Certification according to Common Criteria
Everything from a single source: in addition to these services, we also offer you the required evaluation & certification of the C-ITS stations and crypto modules according to the common criteria and the relevant protection profiles. C-ITS stations include fixed (e.g. road signs) or mobile entities (e.g. cars) in road traffic which are created by corresponding manufacturers.
Instances that we examine within the Framework of C-ITS
As an "Accredited PKI Auditor" we audit Root-CAs, Enrolment Authorities (EA) and Authorization Authorities (AA) according to the Certificate Policy (CP) and therefore according to Annex 3 of the Delegated Act (DA).
The Root CA is the root certification authority that forms the trust anchor for the EA and AA and authorizes EA or AA to issue certificates below the Root CA.
The EA authenticates the C-ITS stations and enables them to access the ITS communication (towards the AA). For this purpose, the C-ITS station is authorized by the Enrolment Credential (EC), which the EA sends to the C-ITS station after successful authentication.
The AA issues binding proof for the C-ITS station that certain ITS services may be used. For this purpose, the C-ITS station is authorized by the Authorization Ticket (AT), which the AA sends to the C-ITS station on the basis of the trust in the EA.
C-ITS Trust Model
These 3 instances are integrated into the "C-ITS trust model", which represents a system that is responsible for the trust between the C-ITS stations. This is a Public Key Infrastructure (PKI) consisting of Root-CAs, the C-ITS Point Of Contact (CPOC), the Trust List Manager (TLM), Enrolment Authorities (EAs), Authorization Authorities (AAs) and a secure network.
Within this context, the respective instances represent not only individual PKI components, but are in part an organization – each for itself – in the form of a commercial unit, a common interest group, a national and/or European organization.
Your benefits at a glance
- Objective proof of the fulfillment of European IT specifications
- Proof that your security measures are targeted, effective and used sustainably
- Identification & elimination of vulnerabilities and reduction of IT risks
- Increase in trust among customers & partners
- Continuous improvement of the IT security of your C-ITS solution
- The successful auditing process is the prerequisite for the inclusion of the Root-CA in the European Certificate Trust List (ECTL)
C-ITS: What are the advantages of testing or certification?
C-ITS services are essentially based on communication technologies that enable them to communicate with vehicles, roadside infrastructures or other road users in pseudonymized form. With a test or the certification of your C-ITS solution, you provide objective proof that this communication and the exchange of information behind it satisfies the security requirements of the European Commission.
The basis of the testing and certification procedures is the Delegated Act supplementing Directive 2010/40/EU, which was published by the EU Commission in March 2019. This contains precise specifications for the provision of C-ITS solutions and therefore describes the minimum legal requirements for the interoperability of C-ITS.
The Delegated Act is not yet compulsory. For this reason, with C-ITS certification you are taking on a decisive pioneering role and are actively contributing to making the networked road traffic of the future more (IT) secure.