Experiences from implementing the ETSI ITS SecuredMessage service

Cooperative intelligent transport systems supporting secure vehicle to vehicle and vehicle to infrastructure communications, is becoming a very important topic. The aim of this paper is to share our experiences from implementing the ETSI Intelligent Transport System (ITS) SecuredMessage and sign/verify services on an existing ETSI ITS communication stack (ITSC). We have followed the new ETSI TS 103 097 v1.1.1 standard when implementing the security services, and have made our best to create a robust and secure implementation. Our goal has been to identify flaws and vulnerabilities in our implementation that are caused by weaknesses or deficiencies in the standard and in its description of services. We have then performed an analysis of the protocol, its headers and created test cases used to test our implementation. Several problems were found, and we have also repeated the tests with another, supposedly very stable implementation, provided by Fraunhofer FOKUS. To our surprise, this system also showed unexpected behavior as our system. We show that these problems are the result of weaknesses and complexities in the design of the standard. We present the problems found in our implementation and show what part in the standard was causing the problems. We show that several problems in the standard, mainly due to their complexity, open up for misinterpretation leading to various types of implementation errors. We conclude the paper with proposing changes to the standard to prevent other implementations from repeating the same mistakes.