Traffic Management Center --> Connected Vehicle Roadside Equipment:
intersection safety application info

Definitions

intersection safety application info (Information Flow): Intersection and device configuration data, including intersection geometry, and warning parameters and thresholds. This flow also supports remote control of the application so the application can be taken offline, reset, or restarted.

Traffic Management Center (Source Physical Object): The 'Traffic Management Center' monitors and controls traffic and the road network. It represents centers that manage a broad range of transportation facilities including freeway systems, rural and suburban highway systems, and urban and suburban traffic control systems. It communicates with ITS Roadway Equipment and Connected Vehicle Roadside Equipment (RSE) to monitor and manage traffic flow and monitor the condition of the roadway, surrounding environmental conditions, and field equipment status. It manages traffic and transportation resources to support allied agencies in responding to, and recovering from, incidents ranging from minor traffic incidents through major disasters.

Connected Vehicle Roadside Equipment (Destination Physical Object): 'Connected Vehicle Roadside Equipment' (CV RSE) represents the Connected Vehicle roadside devices (i.e., Roadside Units (RSUs)) equipped with short range wireless (SRW) communications technology, as well as any other supporting equipment that leverage the RSU and are not described by other objects (e.g., a local roadside processor). CVRSE are used to send messages to, and receive messages from, nearby vehicles and personal devices equipped with compatible communications technology. Communications with adjacent field equipment and back office centers that monitor and control the RSE are also supported. This device operates from a fixed position and may be permanently deployed or a portable device that is located temporarily in the vicinity of a traffic incident, road construction, or a special event. It includes a processor, data storage, and communications capabilities that support secure communications with passing vehicles, other field equipment, and centers.

Included In

This Triple is in the following Service Packages:

This triple is associated with the following Functional Objects:

This Triple is described by the following Functional View Data Flows:

This Triple has the following triple relationships:

Communication Solutions

  • (None-Data) - Secure Internet (ITS) (43)
Solutions are sorted in ascending Gap Severity order. The Gap Severity is the parenthetical number at the end of the solution.

Selected Solution

(None-Data) - Secure Internet (ITS)

Solution Description

This solution is used within Australia, Canada, the E.U. and the U.S.. It combines standards associated with (None-Data) with those for I-I: Secure Internet (ITS). The (None-Data) standards include an unspecified set of standards at the upper layers. The I-I: Secure Internet (ITS) standards include lower-layer standards that support secure communications between ITS equipment using X.509 or IEEE 1609.2 security certificates.

ITS Application Entity
Mind the gapMind the gapMind the gap

Development needed
Click gap icons for more info.

Mgmt
Facilities
Mind the gap

Development needed
Security
Mind the gapMind the gap
TransNet
Access

Internet Subnet Alternatives
TransNet TransNet

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Access Access

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

ITS Application ITS Application

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Mgmt Mgmt

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Facility Facility

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Security Security

TempBCL2 TempSTDL2

TempBCL3 TempSTDL3

TempBCL4 TempSTDL4

TempBCL5 TempSTDL5

Note that some layers might have alternatives, in which case all of the gap icons associated with every alternative may be shown on the diagram, but the solution severity calculations (and resulting ordering of solutions) includes only the issues associated with the default (i.e., best, least severe) alternative.

Characteristics

Characteristic Value
Time Context Recent
Spatial Context Local
Acknowledgement True
Cardinality Unicast
Initiator Destination
Authenticable True
Encrypt True


Interoperability Description
Local In cases where an interface is normally encapsulated by a single stakeholder, interoperability is still desirable, but the motive is vendor independence and the efficiencies and choices that an open standards-based interface provides.

Security

Information Flow Security
  Confidentiality Integrity Availability
Rating Moderate Moderate Low
Basis Application configuration: The messages sent from the RSE are public and the warning parameters can be assumed to follow widely-known industry best practices, so management messages to configure these do not have a significant confidentiality requirement.
Device management: As with TMC: Pedestrian Safety Warning Control, the device management may include proprietary information about the particular device being managed such as firmware details, memory size, processor limitations etc. The confidentiality requirement for the roadway equipment should be set by the supplier based on their understanding of the confidentiality requirements of the management messages. Note that the supplier can be assumed to provide devices that meet their own security requirements; however, the confidentiality requirements of this flow will also apply to the TMC. DISC: NYC believes this to be low. RES: This can vary, and is application context dependent.
Fake instances of this information flow can cause drivers and pedestrians to get incorrect information (for example, swap the "safe to cross" and "not safe to cross" messages so pedestrians are told to cross when it isn't safe). In particular, visually impaired people may rely on the message content to cross safely and may be endangered by bad message content. However, the impact is limited to a single crossing area and drivers still have primary responsibility for the safety of vulnerable road users, so the integrity requirement is MEDIUM rather than HIGH. DISC: THEA and NYC believe this should be HIGH: "proprietary info that should not be tampered with" Assuming that the traffic signal is configured reasonably well to start off with, the system should be robust if it goes an arbitrary amount of time without reconfiguration.


Security Characteristics Value
Authenticable True
Encrypt True