A Security Analysis of the ETSI ITS Vehicular Communications

  • Alexandru Constantin SerbanEmail author
  • Erik Poll
  • Joost Visser
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11094)


This paper analyses security aspects of the ETSI ITS standard for co-operative transport systems, where cars communicate with each other (V2V) and with the roadside (V2I) to improve traffic safety and make more efficient use of the road system. We focus on the initial information exchange between vehicles and the road side infrastructure responsible for authentication and authorisation, because all the security aspects for these interactions are regulated in the ETSI ITS standards. Other services running in vehicular networks are open to choose application-specific security requirements and implement them using features from the ETSI ITS standard. We note some possibilities for replay attacks that, although they have limited impact, could be prevented using simple techniques, some of which are directly available in the ETSI ITS standard.


Intelligent vehicles Security Access control 


  1. 1.
    Al Alam, A., Gattami, A., Johansson, K.H.: An experimental study on the fuel reduction potential of heavy duty vehicle platooning. In: IEEE 13th International Conference on Intelligent Transportation Systems (ITSC) (2010)Google Scholar
  2. 2.
    Janssen, R., Zwijnenberg, H., Blankers, I., de Kruijff, J.: Truck platooning: driving the future of transportation (2015). TNO Whitepaper
  3. 3.
    Davila, A., del Pozo, E., Aramburu, E., Freixas, A.: Environmental benefits of vehicle platooning. Technical report, SAE Technical Paper (2013)Google Scholar
  4. 4.
    Bergenhem, C., Shladover, S., Coelingh, E., Englund, C., Tsugawa, S.: Overview of platooning systems. In: 19th ITS World Congress (2012)Google Scholar
  5. 5.
    Kianfar, R., Augusto, B., Ebadighajari, A., Hakeem, U., Nilsson, J., Raza, A., Tabar, R.S., Irukulapati, N.V., Englund, C., Falcone, P., et al.: Design and experimental validation of a cooperative driving system in the grand cooperative driving challenge. IEEE Trans. Intell. Transp. Syst. 13(3), 994–1007 (2012)CrossRefGoogle Scholar
  6. 6.
    ETSI: ETSI TS 103 097 (V1.1.1) - security header and certificate formats (2017).
  7. 7.
    ETSI: ETSI TR 102 638 (V1.1.1) - vehicular communications; basic set of applications (2009).
  8. 8.
    ETSI: ETSI TS 102 731 (V1.1.1) - security services and architecture (2010).
  9. 9.
    ETSI: ETSI TS 102 940 (V1.1.1) - its communications security architecture and security management (2012).
  10. 10.
    ETSI: ETSI TS 102 941 (V1.1.1) - trust and privacy management (2012).
  11. 11.
  12. 12.
    ETSI: ETSI TS 102 943 (V1.1.1) - confidentiality services (2012).
  13. 13.
    Kaloper-Mersinjak, D., Mehnert, H., Madhavapeddy, A., Sewell, P.: Not-quite-so-broken TLS: lessons in re-engineering a security protocol specification and implementation. In: 24th USENIX Security Symposium (2015)Google Scholar
  14. 14.
    Poll, E., Schubert, A.: Verifying an implementation of SSH. In: WITS 2007 (2007)Google Scholar
  15. 15.
    De Ruiter, J., Poll, E.: Protocol state fuzzing of TLS implementations. In: USENIX Security Symposium (2015)Google Scholar
  16. 16.
    ETSI: ETSI TS 102 867 (V1.1.1) - stage 3 mapping for IEEE 1609.2 (2012).
  17. 17.
    Bittl, S.: Towards solutions for current security related issues in ETSI ITS. In: Mendizabal, J., Berbineau, M., Vinel, A., Pfletschinger, S., Bonneville, H., Pirovano, A., Plass, S., Scopigno, R., Aniss, H. (eds.) Nets4Cars/Nets4Trains/Nets4Aircraft 2016. LNCS, vol. 9669, pp. 136–148. Springer, Cham (2016). Scholar
  18. 18.
    Bittl, S., Roscher, K.: Feasibility of Verify-on-Demand in VANETs (2016)Google Scholar
  19. 19.
    Nowdehi, N., Olovsson, T.: Experiences from implementing the ETSI ITS SecuredMessage service. In: IEEE Intelligent Vehicles Symposium (IV 2018) (2014)Google Scholar
  20. 20.
    Poll, E.: LangSec revisited: input security flaws of the second kind. In: IEEE 5th Workshop on Language-Theoretic Security (LangSec 2018), Security and Privacy Workshops (SPW) (2018)Google Scholar
  21. 21.
    Verheul, E.R.: Issue First Activate Later certificates for V2X - combining ITS efficiency with privacy (2016).
  22. 22.
    Fiterău-Broştean, P., Lenaerts, T., Poll, E., de Ruiter, J., Vaandrager, F., Verleg, P.: Model learning and model checking of SSH implementations. In: Proceedings of the 24th ACM SIGSOFT International SPIN Symposium on Model Checking of Software. ACM (2017)Google Scholar
  23. 23.
    Serban, A.C., Poll, E., Visser, J.: Tactical safety reasoning. a case for autonomous vehicles. In: IEEE International Workshop on Connected, Automated and Autonomous Vehicles (Ca2V) (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Alexandru Constantin Serban
    • 1
    • 2
    Email author
  • Erik Poll
    • 1
  • Joost Visser
    • 1
    • 2
  1. 1.Radboud UniversityNijmegenThe Netherlands
  2. 2.Software Improvement GroupAmsterdamThe Netherlands

Personalised recommendations