ITS Object --> Cooperative ITS Credentials Management System:
misbehavior report
Definitions
misbehavior report (Information Flow): Notification of potential security issues encountered in processing messages, including message authentication or integrity failures, plausibility failures, or other issues appropriate to the CCMS' misbehavior policies.
ITS Object (Source Physical Object): The general 'ITS Object' includes core capabilities common to any class of object.
Cooperative ITS Credentials Management System (Destination Physical Object): The 'Cooperative ITS Credentials Management System' (CCMS) is a high-level aggregate representation of the interconnected systems that enable trusted communications between mobile devices and other mobile devices, roadside devices, and centers and protect data they handle from unauthorized access. Representing the different interconnected systems that make up a Public Key Infrastructure (PKI), this physical object represents an end user view of the credentials management system with focus on the exchanges between the CCMS and user devices that support the secure distribution, use, and revocation of trust credentials.
Included In
This Triple is in the following Service Packages:
This triple is associated with the following Functional Objects:
This Triple is described by the following Functional View Data Flows:
- misbehavior_report_characteristics
- misbehavior_reporter_identity
- misbehavior_suspicious_message
- misbehavior_suspicious_sender_identity
This Triple has the following triple relationships:
None |
Communication Solutions
- EU: Misbehavior reporting - Secure Internet (ITS) (17)
- US: Misbehavior reporting - Secure Internet (ITS) (17)
Selected Solution
Solution Description
ITS Application Entity
Application Specific |
Click gap icons for more info.
|
||
Mgmt
|
Facilities
Development needed |
Security
|
|
TransNet
|
|||
Access
Internet Subnet Alternatives |
Note that some layers might have alternatives, in which case all of the gap icons associated with every alternative may be shown on the diagram, but the solution severity calculations (and resulting ordering of solutions) includes only the issues associated with the default (i.e., best, least severe) alternative.
Characteristics
Characteristic | Value |
---|---|
Time Context | Recent |
Spatial Context | National |
Acknowledgement | True |
Cardinality | Unicast |
Initiator | Source |
Authenticable | True |
Encrypt | True |
Interoperability | Description |
---|---|
National | This triple should be implemented consistently within the geopolitical region through which movement is essentially free (e.g., the United States, the European Union). |
Security
Information Flow Security | ||||
---|---|---|---|---|
Confidentiality | Integrity | Availability | ||
Rating | Moderate | Moderate | Low | |
Basis | Misbehavior reports will contain some kind of identification, in many cases pseudonyms, but at some point in the life cycle linkable to a device and device owner. Even if a pseudonym is the reference, the contents of the report should not be openly readable as compromised could be used to further abuse the target, such as by spamming other (false) misbehavior reports, or simply not trusting that party when the actual trust anchor has made no such determination. | Misbheavior reports provide the basic data for misbehavior analysis, the purpose of which is the removal of misbehaving or malfunctioning actors from the C-ITS environment. So naturally the misbehavior report must be correct. This is not HIGH because presumably, multiple reports must be received regarding the same actor in order to process a revocation. | Successful revocation depends on receipt of accurate and timely misbehavior reports. Reports from center-based objects are more likely to be taken with greater weight, and due to the structure of the system, also likely to be less frequent. This makes center-based reports more dependent on availability, so center-based reports receive a MODERATE availability, while those from more frequent generating field sources (RSEs, OBEs, PIDs etc.) LOW availability. |
Security Characteristics | Value |
---|---|
Authenticable | True |
Encrypt | True |