Intelligent Transportation Systems (ITS) operate as a system-of-systems linking vehicles, roadside infrastructure, central management systems, and users. Securing this complex system requires a layered architecture that addresses threats and manages trust. This is enabled through global and regional cybersecurity standards published by ISO, IEEE, ETSI, SAE, and NIST. These standards define common requirements for protecting data integrity, authenticity, privacy, and system resiliency in an interoperable manner. They are organized here according to key layers of the ITS security architecture:
Physical Layer
Network/Transport Layer
Application Layer
Trust and Identity Layer
Misbehavior Detection Layer
Each layer's standards play work together to help assure end-to-end integrity and resilience of an ITS system.
Specifies DSRC/WAVE radio communications at 5.9 GHz for vehicular networking. Enables low-latency broadcast but without link encryption, requiring secure message signing at higher layers.
3GPP LTE-V2X / NR-V2X
Specifies cellular V2X radio interfaces for sidelink communication. Security depends on higher-layer protections using certificates.
IEEE 802.1X
Network access control protocol often used in Ethernet-based ITS backhaul networks to authenticate RSUs and field devices.
IEEE 802.3
Ethernet standard supporting wired communications among traffic infrastructure, including support for secure physical connections.
SAE J2945/1 On-Board System Requirement for V2V Safety Communications
Specifies foundational requirements for V2V safety applications including secure communications, key provisioning, secure storage, and revocation handling.
SAE J3101
Defines hardware security requirements for ground vehicles, including secure boot, key storage, and hardware protections against tampering.
ISO/IEC 19790:2025
Provides requirements for cryptographic modules used to protect sensitive data, applicable to both software and hardware modules.
NIST FIPS 140-3
U.S. Federal standard for certifying cryptographic modules. Commonly used to evaluate tamper-resistant secure elements in OBUs and RSUs.
Trusted Platform Module (TPM) / ISO/IEC 11889
Guidance for secure boot and hardware-based trust anchors in automotive ECUs.
Outlines the functional and assurance requirements for HSMs used in V2X systems, with focus on secure key lifecycle and resistance to physical attacks.
European Commission's V-ITS-S Base Protection Profile (SAFERTEC) Project
Evaluates the trustworthiness of V2X and V2I devices through structured security assessment criteria.
SAE J3161/1 Onboard System Requirements for LTE-V2X V2V Safety Communications
Defines requirements for LTE-V2X systems in light-duty and public safety vehicles including performance and security aspects.
SAE J3161/1B Onboard System Requirements for LTE-V2X V2V Safety Communications by Non-Light-Duty Vehicles and Motorcycles
Extends J3161/1 requirements to non-light-duty vehicles and motorcycles, ensuring consistent V2V communication and security.
SAE J3161/1C Onboard System Requirements for LTE-V2X V2V Safety Communications by School Buses
Covers system requirements and adaptations for V2V communications specific to school buses, including security and safety mandates.
UNECE R155
Regulation that mandates cybersecurity management systems for vehicle manufacturers, including hardware risk mitigation.
NTCIP / SNMPv3 (RFC 3410)
Management protocols with authentication and encryption for ITS field device communications.