Page tree
Skip to end of metadata
Go to start of metadata
Target release

Release 1.0

Document owner
Reviewer

Goals

The goal is to define messages and other requirements for an RSE to request an application certificate.

Background and Strategic Fit

The RSE decides to request an application certificate from its preconfigured RA.

Having determined which RA to submit the request to, the RSE creates a request, signs it with the enrollment certificate, encrypts the signed request for the RA and sends it to the RA. The RA checks to make sure that the request is correct and authorized.

RSE will attempt to download the local certificate chain file (LCCF) and the local policy file (LPF) before submitting the request. Note that any EE should download the local policy file and local certificate chain file each time it connects to RA.

Assumptions

The RSE has successfully completed Use Case 12: RSE Bootstrapping (Manual).

Process Steps

  1. The RSE downloads the Local Policy File (LPF) and the Local Certificate Chain File (LCCF) using the API documented in RA - Download local policy file and RA - Download Local Certificate Chain File
    1. If there is an updated LCCF, the RSE applies all changes to its trust-store (necessary for PCA Certificate Validations)
    2. If there is an updated LPF, the RSE applies those changes
  2. The RSE creates the request, signs it with the enrollment certificate, encrypts the signed request to the RA and sends it to the RA using the API documented in RA - Request Application Certificate Provisioning
  3. The RA ensures that the certificate batch request is correct and authorized, before it starts Step 13.2: Generate RSE Application Certificate

Error Handling 

  1. The RSE will abandon further interactions with the RA after a certain number of failed communication attempts result in errors.

Requirements

Key Status Summary Description justification notes Component/s
Loading...
Refresh

Use Case 13.1 - Requirements

Design

RSE-RA Communication

EE Request

The EE initiates the certificate request message in order to provide the RA with critical information (key parameters, current time, etc.) necessary for RSE application certificate generation. EE will send a certificate request message each time it requires a new certificate. 

Security / Privacy

The Certificate Provisioning Request message shall use signing and encryption to ensure:

  • The request has not been modified in transit
  • The RA can verify the message came from the device
  • The request is shared confidentially between the device and RA

The EE shall sign the request with the enrollment certificate. The EE shall also encrypt the request using the RA certificate and encapsulate in a 1609.2 frame of type encrypted. 

Message Contents

The EE shall use the ASN.1 defined for creating the request certificate message, details can be found at RA - Request Application Certificate Provisioning. In order for a request to be validated by the RA, the EE shall include the following information in the certificate provisioning request message:

  • Version
  • EE enrollment certificate
  • A signed certificate signature key (signed with enrollment certificate)
  • A response encryption key that PCA would use to encrypt the issued certificate to EE
  • Optionally: a certificate encryption key that PCA would include in the issued certificate
  • Current device time: 32-bit denoting number of seconds since the Epoch (as defined in 1609.2)
  • Requested certificate start time: 32-bit denoting number of seconds since the Epoch (as defined in 1609.2)

RA Response

The RA response to the certificate provisioning request message may be accept (indicated by a request acknowledgement) or reject (indicated by a HTTP 500). In case of reject, RA shall return error code "HTTP 500" to EEs. Specific error codes should be hidden from EEs and not provide useful information to malicious actors. The RA shall log the specific error for future investigation.

RA - EE Request Acknowledgement

The request acknowledge message is initiated by the RA in response to a certificate provisioning request message successfully received from the EE. If the EE request is received and processed without triggering an error (invalid signature, blacklisted, etc.), the RA processes the certificate request and begins certificate pre-generation. The request acknowledge message provides the EE with an URL and the time where and at which the first certificate batches will be available for download.

Security / Privacy

The request acknowledge message shall use signing and encryption to ensure:

  • The request has not been modified in transit
  • The device can verify that the message came from the RA
  • The request is shared confidentially between the device and RA

The RA shall sign and encrypt the request acknowledge message using the RA certificate and encapsulate in a 1609.2 frame of type encrypted. 

Message Contents

The RA shall use the ASN.1 defined for creating the request acknowledge message in RA - Request Application Certificate Provisioning and shall include the following information:

  • Case: Certificate Provisioning Request Accept
    • Version
    • Low order 8-bytes of the SHA-256 hash of the encoded "ToBeSigned" certificate request from the device. Returns 0 if RA cannot calculate hash of the original request
    • Time at which the first certificate file will be available for download (represented by IEEE 1609.2 Time32)
    • URL of the certificate repository (common for all devices serviced by an specific RA)
  • Case: Certificate Provisioning Request Reject
    • HTTP-500 Error Code

EE Response

If the RA provides a positive acknowledgement (accept) to a certificate provisioning request, the EE moves forward with the certificate download process using the provided URL given in the acknowledge message.

If the EE does not receive an acknowledgement from the RA in response to the request within defined time, EE should retry. Several conditions may necessitate the EE sending the request more than once. This may be due to:

  • Request lost in transit (no TCP ack)
  • RA offline, unavailable or RA network address has changed (EE must query DNS for latest RA network information)
  • EE possesses an invalid RA certificate and cannot establish secure communications
  • EE received HTTP-500 Error Code

The EE should not attempt to transmit the Request Certificate message without completing the prerequisites.

ASN.1 Specification

 Expand source
master  SCMS/scms-asn
 Copy
--  (C) Copyright 2017, 2018 Crash Avoidance Metrics Partners LLC, VSC5 Consortium
-- 
--  Licensed under the Apache License, Version 2.0 (the "License");
--  you may not use this file except in compliance with the License.
--  You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
--  Unless required by applicable law or agreed to in writing, software
--  distributed under the License is distributed on an "AS IS" BASIS,
--  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--  See the License for the specific language governing permissions and
--  limitations under the License.
--

-------------------------------------------------------------------------------
-- EE-RA 
--
-- The structures in this file define the protocol for messages between an
-- EE (OBE or RSE) and the RA for the purposes of 
-- a) requesting and receiving the RA certificate in the event that the EE 
-- possess an expired or invalid RA certificate, as an alternative method
-- to aquiring the RA certificate through the DCM,
-- b) requesting a batch of pseudonym certificates, identity certificates
-- or application certificates
-- Both of these processes are initiated by the EE, possibly with the aid
-- of a DCM.  
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------

-- @namespace Ieee1609Dot2EndEntityRaInterface
Ieee1609Dot2EndEntityRaInterface
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) scms(4) interfaces(1) ee-ra(8) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  EccP256CurvePoint,
  Hostname,
  HashedId8,
  PublicEncryptionKey,
  PublicVerificationKey,
  Time32,
  Uint8,
  GeographicRegion
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
    base(1) base-types(2) major-version-2(2)}

  Certificate
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
    base(1) schema(1) major-version-2(2)}

  SecurityMgmtPsid
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)  dot2(2)
    scms(4) interfaces(1) base-types(2) major-version-2(2)}

  CompositeCrl
FROM Ieee1609Dot2ScmsComponentCertificateManagement {iso(1)
    identified-organization(3) ieee(111) standards-association-numbered-series-standards(2)
    wave-stds(1609) dot2(2) scms(4) interfaces(1) component-certificate-management (3) major-version-2(2)}

;

---
-- @brief The EndEntityRaInterfacePDU is the parent message type for messages 
--        sent between end entities and the Registration Authority.
-- @class EndEntityRaInterfacePDU
-- @param eeRaCertRequest                      contains a message from an EE 
--                                             to the RA to request a copy of
--                                             the RA’s currently valid
--                                             certificate.
-- @param raEeCertResponse                     is a message from the RA to the 
--                                             EE as a response to
--                                             EeRaCertRequest.
-- @param eeRaPseudonymCertProvisioningRequest is a message from an EE to the 
--                                             RA to request pseudonym
--                                             certificates.
-- @param raEePseudonymCertProvisioningAck     is a message from the RA to the 
--                                             EE to acknowledge the receipt
--                                             of EeRaPseudonymCertProvisioningRequest.
-- @param eeRaIdCertProvisioningRequest        is a message from an EE to the 
--                                             RA to request an identification
--                                             certificate.
-- @param raEeIdCertProvisioningAck            is a message from the RA to the 
--                                             EE to acknowledge the receipt
--                                             of EeRaIdCertProvisioningRequest.
-- @param eeRaAppCertProvisioningRequest       is a message from an EE to the 
--                                             RA to request an application
--                                             certificate.
-- @param raEeAppCertProvisioningAck           is a message from the RA to the 
--                                             EE to acknowledge the receipt
--                                             of EeRaAppCertProvisioningRequest.
-- @param eeRaAuthenticatedDownloadRequest     is a message from an EE to the 
--                                             RA to request the download of
--                                             certificates (once they are ready).
EndEntityRaInterfacePDU::= CHOICE {
    eeRaCertRequest                      EeRaCertRequestMsg,
    raEeCertResponse                     RaEeCertResponseMsg,
    eeRaPseudonymCertProvisioningRequest EeRaPseudonymCertProvisioningRequest,
    raEePseudonymCertProvisioningAck     RaEePseudonymCertProvisioningAck,
    eeRaIdCertProvisioningRequest        EeRaIdCertProvisioningRequest,
    raEeIdCertProvisioningAck            RaEeIdCertProvisioningAck,
    eeRaAppCertProvisioningRequest       EeRaAppCertProvisioningRequest,
    raEeAppCertProvisioningAck           RaEeAppCertProvisioningAck,
    eeRaAuthenticatedDownloadRequest     AuthenticatedDownloadRequest,
    ...
}

---
-- @brief This message is sent from an EE to the RA to request the RAs
--        currently valid certificate.
-- @class EeRaCertRequestMsg
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
EeRaCertRequestMsg ::= SEQUENCE {
    version         Uint8(1),
    ...
}

---
-- @brief This message contains an acknowledgement from the RA to an EE's
--        EeRaCertRequestMsg.
-- @class RaEeCertResponseMsg
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @param reply   indicates the contents of the reply message. In this version 
--                of the document, only one choice option is supported, namely 
--                an acknowledgement (ack) of type RaEeCertResponseAck.
-- @see Uint8
RaEeCertResponseMsg ::= SEQUENCE {
    version         Uint8(1),
  	reply           CHOICE {
        ack           RaEeCertResponseAck,
        ...
    },
    ...
}

---
-- @brief This structure contains the RA's currently valid certificate and its 
--        Certificate Revocation List (CRL)
-- @class RaEeCertResponseAck
-- @param raCertificate contains the RA’s currently valid public key 
--                      certificate as defined in Section 6.4.2 of IEEE
--                      1609.2-2016
-- @param crl           contains the Certificate Revocation List pertinent to 
--                      the RA certificate. The Certificate Revocation List 
--                      type is defined in Section 7.3 and 7.4.1 of IEEE
--                      1609.2-2016
-- @see Certificate, CompositeCrl
RaEeCertResponseAck ::= SEQUENCE {
    raCertificate   Certificate,
    crl             CompositeCrl,
    ...
}

---
-- @brief This structure defines the parameters (seed and expansion keys) 
--        required for butterfly key expansion. The RA generates caterpillar keys using a linear formula based on the
--        two fields described in this structure.
-- @class UnsignedButterflyParams
-- @param seed-key  contains the butterfly seed key
-- @param expansion contains the expansion parameter needed to perform a 
--                  Butterfly key expansion Butterfly expansion is described
--                  in https://wiki.campllc.org/display/SCP/SCP1%3A+Butterfly+Keys
-- @see EccP256CurvePoint
UnsignedButterflyParams ::= SEQUENCE {
    seed-key              EccP256CurvePoint,
    expansion             OCTET STRING (SIZE (16))
}

---
-- @brief Identification certificate provisioning request sent by an EE (OBE) to the RA.
--        These are signed and encrypted before sending, see scms-protocol.asn. Note that
--        Identification certificates use Butterfly keys.
-- @class EeRaIdCertProvisioningRequest
-- @param version           contains the current version of the data type. The 
--                          version specified in this document is version 1.
-- @param verify-key-info   provides the information for the SCMS to generate 
--                          and embed multiple ID certificate signature public
--                          keys, one for each ID certificate.
-- @param cert-enc-key-info if included, provides the information for the SCMS 
--                          to generate and embed multiple ID certificate 
--                          optional encryption public keys, one for each ID
--                          certificate.
-- @param resp-enc-key-info provides the information for SCMS to uniquely 
--                          encrypt each ID certificate prior to responding to
--                          the EE.
-- @param region            indicates the operational region for the EE
--                          device. Describes a circular or rectangular
--							region. Must be a sub-region of the region 
--							contained in the EE's enrollment certificate.
-- @param common            provides the structure for indicating the time of 
--                          the request and the requested start time of the
--                          certificates.
-- @param current-time      indicates the time of request generation
-- @see Uint8, Time32, UnsignedButterflyParams
EeRaIdCertProvisioningRequest ::= SEQUENCE {
    version                      Uint8(1),
    verify-key-info              UnsignedButterflyParams,
    cert-enc-key-info            UnsignedButterflyParams OPTIONAL,
    resp-enc-key-info            UnsignedButterflyParams,
	region                       GeographicRegion,
    current-time                 Time32,
    ...
}

---
-- @brief Application certificate provisioning request sent by an EE (RSE) to the RA.
--        Similar to the EeRaIdCertProvisioningRequest defined above, except that 
--        butterfly keys are not used in this case.
-- @class EeRaAppCertProvisioningRequest
-- @param version                  contains the current version of the data 
--                                 type. The version specified in this
--                                 document is version 1.
-- @param verify-key               provides the public key to be embedded in 
--                                 the application certificate.
-- @param cert-encryption-key-info provides the discrete PublicEncryptionKey 
--                                 to be embedded in the application
--                                 certificate for application encryption
--                                 functions.
-- @param resp-encryption-key      provides the discrete PublicEncryptionKey 
--                                 to be used by the SCMS to encrypt the
--                                 certificate response back to the EE.
-- @param region                   indicates the operational region for the EE
--                                 device. Describes a circular or rectangular
--								   region. Must be a sub-region of the region 
--								   contained in the EE's enrollment certificate.
-- @param common                   provides the structure for indicating the 
--                                 time of the request and the requested start
--                                 time of the certificates.
-- @param current-time             indicates the time of request generation
-- @param requested-start-time     indicates the requested start time for the 
--                                 requested certificates to take effect (in terms
--                                 of validity).
-- @see Uint8, Time32 PublicVerificationKey, PublicEncryptionKey
EeRaAppCertProvisioningRequest ::= SEQUENCE {
    version                 Uint8(1),
    verify-key              PublicVerificationKey,
    cert-encryption-key     PublicEncryptionKey OPTIONAL,
    response-encryption-key PublicEncryptionKey,
	region                  GeographicRegion,
    current-time            Time32,
    requested-start-time    Time32,
    ...
}

---
-- @brief Pseudonym certificate provisioning: Pseudonym certificates use 
--        butterfly keys. Unlike identification certificates, they are 
--        shuffled and include linkage values. This differentiation is visible
--        in other interfaces only, in particular RA-PCA.
-- @class EeRaPseudonymCertProvisioningRequest
-- @param version           contains the current version of the data type. The 
--                          version specified in this document is version 1.
-- @param verify-key-info   provides the information for the SCMS to generate 
--                          and embed multiple pseudonym certificate signature
--                          public keys, one for each ID certificate.
-- @param resp-enc-key-info provides the information for the SCMS to uniquely 
--                          encrypt each pseudonym certificate prior to
--                          responding to the EE.
-- @param common            provides the structure for indicating the time of 
--                          the request and the requested start time of the
--                          certificates.
-- @param current-time      indicates the time of request generation
-- @see Uint8, Time32, UnsignedButterflyParams
EeRaPseudonymCertProvisioningRequest ::= SEQUENCE {
    version                      Uint8(1),
    verify-key-info              UnsignedButterflyParams,
    resp-enc-key-info            UnsignedButterflyParams,
    current-time                 Time32,
    ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has 
--        received an EE’s pseudonym certificate provisioning request. This 
--        message is signed and encrypted before sending to EE, see scms
--        protocol.asn.
-- @class RaEePseudonymCertProvisioningAck
-- @param version     contains the current version of the data type. The 
--                    version specified this document is version 1.
-- @param requestHash contains the hash of the original request, using the 
--                    HashedId8 type as defined in 1609dot2-base-types.asn.
-- @param reply       indicates the contents of the reply message. In this 
--                    version of the document, only one choice option is 
--                    supported, namely an acknowledgement (ack) of type
--                    PseudonymCertProvisioningAck.
-- @see Uint8, HashedId8
RaEePseudonymCertProvisioningAck ::= SEQUENCE {
    version     Uint8(1),
    requestHash HashedId8,
    reply       CHOICE {
        ack        PseudonymCertProvisioningAck,
        ...
    },
    ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has 
--        received an EE’s pseudonym certificate provisioning request.
-- @class PseudonymCertProvisioningAck
-- @param certDLTime contains the time at which the download of the generated 
--                   certificates is available.
-- @param certDLURL  contains the URL at which the EE may download the 
--                   pseudonym certificates at the indicated time.
-- @see Time32, Hostname
PseudonymCertProvisioningAck ::= SEQUENCE {
    certDLTime       Time32,
    certDLURL        Hostname,
    ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has 
--        received an EE's identity certificate provisioning request.
-- @class RaEeIdCertProvisioningAck
RaEeIdCertProvisioningAck ::= RaEePseudonymCertProvisioningAck

---
-- @brief This structure represents the acknowledgement of the RA that it has 
--        received an EE's application certificate provisioning request.
-- @class RaEeAppCertProvisioningAck
RaEeAppCertProvisioningAck ::= RaEePseudonymCertProvisioningAck

---
-- @brief This structure represents the EE’s request for download from the RA. 
--        The request indicates the time of the download request in addition
--        to the requested filename.
-- @class AuthenticatedDownloadRequest
-- @param timestamp contains the time at which the download request for the 
--                  file (filename) was generated.
-- @param filename  contains the name of the file to download.
-- @see Time32
AuthenticatedDownloadRequest ::= SEQUENCE {
    timestamp      Time32,
    filename       UTF8String (SIZE(0..255)),
    ...
}

END