US: NTCIP Data Collection - SNMPv3/TLS
This solution is used within the U.S.. It combines standards associated with US: NTCIP Data Collection with those for I–F: SNMPv3/TLS. The US: NTCIP Data Collection standards include upper–layer standards required to implement center–to–field communications for data collection and monitoring of traffic characteristics (e.g., non–real–time data). The I–F: SNMPv3/TLS standards include lower–layer standards that support secure center–to–field and field–to–field communications using simple network management protocol (SNMPv3); implementations are strongly encouraged to use the TLS for SNMP security option for this solution to ensure adequate security.
|Mgmt||NTCIP 1201||NTCIP Global Object (GO) Definitions||This standard defines SNMP objects (data elements) used by a wide range of field devices like time and versioning information.|
|Security||IETF RFC 6353||Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)||This standard (RFC) defines how to use the TLS authentication service to provide authentication within the access control mechanism of SNMP.|
|ITS Application Entity||NTCIP 1206||NTCIP Object Definitions for Data Collection||This standard defines SNMP objects (data elements) for data collection and monitoring (DCM) equipment.|
|ITS Application Entity||NTCIP 1209||NTCIP Object Definitions for Transportation Sensor Systems (TSS)||This standard defines SNMP objects (data elements) to monitor and control transportation system sensors that measure real–time vehicular traffic information.|
|Facilities||NTCIP 1206||NTCIP Object Definitions for Data Collection||This standard defines SNMP objects (data elements) for data collection and monitoring (DCM) equipment.|
|Facilities||NTCIP 1209||NTCIP Object Definitions for Transportation Sensor Systems (TSS)||This standard defines SNMP objects (data elements) to monitor and control transportation system sensors that measure real–time vehicular traffic information.|
One significant or possibly a couple minor issues. For existing deployments, the chosen solution likely has identified security or management issues not addressed by the communications solution. Deployers should consider additional security measures, such as communications link and physical security as part of these solutions. They should also review the management issues to see if they are relevant to their deployment and would require mitigation. For new deployments, the deployment efforts should consider a path to addressing these issues as a part of their design activities. The solution does not by itself provide a fully secure implementation without additional work.
|Issue||Severity||Description||Associated Standard||Associated Triple|
|Out of date (medium)||Medium||The standard includes normative references to other standards that have been subject to significant changes that can impact interoperability or security of systems and the industry has not specified if and how these updates should be implemented for deployments of this standard.||IETF RFC 6353 TLS for SNMP||(All)|
|Update data to SNMPv3||Low||Data has been defined for SNMPv1, but needs to be updated to SNMPv3 format.||(None)||(All)|
|Use case not considered in design (minor)||Low||While the indicated standards nominally address the information flow, the design may not meet practical constraints because this particular use case was not the focus of the design effort.||(None)||ODOT / KYTC Traffic Counters=>roadside archive data=>ODOT / KYTC Archive|
|Use TLS for SNMP Option||Low||The standard allows for multiple security mechanisms. The only defined mechanism that meets the requirements for C–ITS is the one based on TLS.||(None)||(All)|
|ODOT / KYTC Traffic Counters||ODOT / KYTC Archive||roadside archive data|