Terms of Reference for Working Group 5: Security
Approved at ITS#02
Responsibility
Working Group 5 shall be responsible for:
- Conducting studies leading to deliverables on Security;
- Assuring ITS solutions conform to regulatory requirements
for privacy, data protection, lawful interception and data
retention;
- Management and co-ordination of the development of security
specifications for ITS communication and data;
- Investigation of security services and mechanisms required
for providing ITS services over the Internet;
- Development of security analyses of candidate protocols and
network elements to be used within the ITS framework to
implement capabilities, e.g., EMTEL aspects, IPv6 migration,
keying strategies and methods;
- Tracking ongoing worldwide security activities of interest
to ITS (notably in ISO TC204).
Working Group 5 shall undertake activities including, but not restricted to:
- Determine and document the objectives and priorities for ITS
security taking into account the needs and aspirations of users,
operators, regulators and manufacturers (primarily building a
secure Service Capability invocation and protection model).
- Accommodate, as far as is practicable, any regional
regulatory requirements in security objectives. This includes
regional regulatory requirements that are related to the
processing of personal data and privacy.
- Ensure that a threat analysis for ITS is conducted and
maintained as the feature set being standardised grows.
- Detail the security requirements for ITS to include, but not
necessarily be limited to, security requirements for services,
user access to services, billing and accounting, operations and
maintenance, and fraud control.
- Detail the security requirements for the physical elements
of ITS deployments to include, but not necessarily be limited
to, security requirements for the access network, the core
network and its interfaces to legacy networks and terminals.
- Define a security architecture for ITS which will satisfy
the security requirements and align with the ITS system
architecture.
- Produce specifications for:
o All the elements in the security
architecture.
o Operations and management of the security
elements.
o Any cryptographic algorithms needed for the
security elements.
- Ensure the availability of any cryptographic algorithms
which need to be part of the common specifications (via SAGE for
example).
- Define how the specifications for the security elements are
to be integrated into the access network, core network,
terminal, O&M and other relevant specifications produced for
ITS, and to assist with that integration.
- Detail the requirements for lawful interception in ITS, and
produce all specifications needed to meet those requirements.
This work shall be performed in conjunction with TC LI to ensure
handover capabilities exist sufficient to support the
intercepted material.
- Produce a time and milestones plan for the introduction of
the various elements of the security architecture which is in
line with the development of other relevant elements of ITS.
- Produce guidelines on the use of the ITS security elements,
including any requirements for operator specific algorithms.
- Produce guidelines on the limitations of ITS security, and
of the implications of not activating the security elements that
are provided.
In addition, security services and mechanisms for providing services over the
Internet will continue to be investigated. It is important to realize that
security for open networks and for interoperability is challenging.