research-article

Data Integrity Threats and Countermeasures in Railway Spot Transmission Systems

Authors:

William G. Temple,

Bao Anh N. Tran,

Zbigniew Kalbarczyk,

Jianying ZhouAuthors Info & Claims

ACM Transactions on Cyber-Physical Systems, Volume 4, Issue 1

Article No.: 7, Pages 1 - 26

https://doi.org/10.1145/3300179

Published: 02 November 2019 Publication History

Abstract

Modern trains rely on balises (communication beacons) located on the track to provide location information as they traverse a rail network. Balises, such as those conforming to the Eurobalise standard, were not designed with security in mind and are thus vulnerable to cyber attacks targeting data availability, integrity, or authenticity. In this work, we discuss data integrity threats to balise transmission modules and use high-fidelity simulation to study the risks posed by data integrity attacks. To mitigate such risk, we propose a practical two-layer solution: At the device level, we design a lightweight and low-cost cryptographic solution to protect the integrity of the location information; at the system layer, we devise a secure hybrid train speed controller to mitigate the impact under various attacks. Our simulation results demonstrate the effectiveness of our proposed solutions.

References

[1]

IEEE Vehicular Technology Society. 2004. IEEE 1474.1-2004-IEEE Standard for Communications-based Train Control (CBTC) Performance and Functional Requirements. Retrieved from https://standards.ieee.org/content/ieee-standards/en/standard/1474_1-2004.html.

[2]

Robert D. Pascoe and Thomas N. Eichorn. 2009. What is communication-based train control? IEEE Vehic. Technol. Mag. 4, 4 (2009), 16--21.

[3]

Jeffrey C. Peters and John Frittelli. [n.d.]. Positive train control (PTC): Overview and policy issues. Congressional Research Service R42637.

[4]

Greogory D. Newman. [n.d.]. Railway signalling system. Patent No. US 5437422 A, granted on 1 Aug. 1995.

[5]

The European Rail Traffic Management System. [n.d.]. Retrieved from http://www.ertms.net/.

[6]

Signaling Solutions: URBALIS CBTC. [n.d.]. Retrieved from https://signallingsolutions.com/wp-content/uploads/files/urbalis.pdf.

[7]

Siemens Trainguard Eurobalise S21 and S22. [n.d.]. Retrieved from https://www.mobility.siemens.com/mobility/global/SiteCollectionDocuments/en/rail-solutions/rail-automation/train-control-systems/trainguard-eurobalise-s21-s22-en.pdf.

[8]

Thales SelTrac CBTC. [n.d.]. Retrieved from https://www.thalesgroup.com/sites/default/files/asset/document/cbtc_brochure_0.pdf.

[9]

Per Lundberg and Philippe Prieels. [n.d.]. UNISIG FFFIS for Eurobalise. SUBSET-036, Issue 3.1.0, 17 Dec 2015.

[10]

W. G. Temple, B. A. N. Tran, B. Chen, Z. Kalbarczyk, and W. H. Sanders. 2017. On train automatic stop control using balises: Attacks and a software-only countermeasure. In Proceedings of the IEEE Pacific Rim International Symposium on Dependable Computing (PRDC’17).

[11]

Richard Bloomfield, Robin E. Bloomfield, Ilir Gashi, and Robert J. Stroud. 2012. How secure is ERTMS? In Proceedings of the Workshop on Dependable and Secure Computing for Large-scale Complex Critical Infrastructures (DESEC4LCCI’12). 247--258.

[12]

Sergey Bezzateev, Natalia Voloshina, and Petr Sankin. 2013. Joint safety and security analysis for complex systems. In Proceedings of the Conference of Finnish-Russian University Cooperation in Telecommunications (FRUCT’13).

Digital Library

[13]

Alstom ATLAS trackside ETCS solution. [n.d.]. Retrieved from http://www.alstom.com/Global/Transport/Resources/Documents/brochure2014/Atlas%20Trackside%20-%20Brochure%20-%20EN.pdf.

[14]

Siemens TPG Eurobalise V2 web test and programming device. [n.d.]. Retrieved from http://w1.siemens.ch/mobility/ch/de/topics/download-center/Documents/Siemens%20Unterhalts-%20und%20Diagnosesysteme/9096-316_Test-und_Programmierger%C3%A4t_TPG-Eurobalise_V2-Web_en.pdf.

[15]

Dewang Chen, Rong Chen, Yidong Li, and Tao Tang. 2013. Online learning algorithms for train automatic stop control using precise location data of balises. IEEE Trans. Intell. Transp. Syst. 14, 3 (Sept. 2013), 1526--1535.

Digital Library

[16]

Stefano Di Cairano, Mehmet Ulusoy, and Sohrab Haghighat. [n.d.]. Automatic Train Stop Control System. US 9387866 B1, granted on 12 July 2016.

[17]

James F. Shockley Mark E. Kane and Harrison T. Hickenlooper. [n.d.]. Method and system for checking track integrity. Patent No. US 6845953 B2, granted on 25 Jan. 2005.

[18]

Jeffrey M. Fries. [n.d.]. Systems and methods for determining route location. Patent No. US 8924066 B2, granted on 30 Dec. 2014.

[19]

Righter Kunkel. 2010. Air traffic control insecurity2.0. In Proceedings of DEFCON 18.

[20]

Andrei Costin and Aurélien Francillon. 2012. Ghost in the air (traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices. In Proceedings of Black Hat USA.

[21]

Matthias Schäfer, Vincent Lenders, and Ivan Martinovic. 2013. Experimental analysis of attacks on next generation air traffic communication. In Proceedings of the International Conference on Applied Cryptography and Network Security (ACNS’13). 253--271.

Digital Library

[22]

William W. Peterson. 1961. Cyclic codes for error detection. In Proceedings of the Institute of Radio Engineers (IRE’61). 228--235.

[23]

Irving S. Reed and Gustave Solomon. 1960. Polynomial codes over certain finite fields. J. Soc. Industr. Appl. Math. 8, 2 (1960), 300--304.

[24]

Mihir Bellare, Ran Canetti, and Hugo Krawczyk. 1996. Keying hash functions for message authentication. In Proceedings of the Annual International Cryptology Conference (CRYPTO’96). 1--15.

[25]

Mihir Bellare, Joe Kilian, and Phillip Rogaway. 1994. The security of cipher block chaining. In Proceedings of the Annual International Cryptology Conference (CRYPTO’94). 341--358.

[26]

Michael O. Rabin. 1981. Fingerprinting by random polynomials. Center for Research in Computing Technology, Harvard University, Technical Report TR-CSE-03-01 (1981).

[27]

Hugo Krawczyk. 1994. LFSR-based hashing and authentication. In Proceedings of the Annual International Cryptology Conference (CRYPTO’94). 129--139.

[28]

Victor Shoup. 1996. On fast and provably secure message authentication based on universal hashing. In Proceedings of the Annual International Cryptology Conference (CRYPTO’96). 313--328.

[29]

Lawrence Carter and Mark N. Wegman. 1979. Universal classes of hash functions. J. Comput. Syst. Sci. 18, 2 (1979), 143--154.

[30]

Kevin D. Bowers, Ari Juels, and Alina Oprea. 2009. HAIL: A high-availability and integrity layer for cloud storage. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’09). 187--198.

Digital Library

[31]

Raj C. Bose and Dwijendra K. Ray-Chaudhuri. 1960. On a class of error correcting binary group codes. Info. Control 3, 1 (1960), 68--79.

[32]

Charles C. Y. Lam, Guang Gong, and Scott A. Vanstone. 2002. Message authentication codes with error correcting capabilities. In Proceedings of the International Conference on Information and Communications Security (ICICS’02). 354--366.

[33]

Renwei Ge, Gonzalo R. Arce, and Giovanni Di Crescenzo. 2006. Approximate message authentication codes for n-ary alphabets. IEEE Trans. Info. Forens. Secur. 1, 1 (2006), 56--67.

Digital Library

[34]

Elena Dubrova, Mats Näslund, and Göran Selander. 2015. CRC-based message authentication for 5G mobile technology. In Proceedings of the IEEE TrustCom/BigDataSE/ISPA Conference. 1186--1191.

Digital Library

[35]

Elena Dubrova, Mats Näslund, Göran Selander, and Fredrik Lindqvist. 2015. Lightweight CRC-based message authentication. IACR Cryptol. ePrint Arch. 2015 (2015), 1138.

[36]

Michael B. Haynie and William R. Laurune. [n.d.]. System and method for vitally determining position and position uncertainty of a railroad vehicle employing diverse sensors including a global positioning system sensor. Patent No. US 8296065 B2, granted on 23 Oct. 2012.

[37]

Jean-Pierre Franckart. [n.d.]. Method for secure determination of an object location, preferably a vehicle moving along a known course. Patent No. US 6768447 B2, granted on 27 July 2004.

[38]

Abe Kanner. [n.d.]. Vehicle localization system. Patent No. US 8477067 B2, granted on 2 July 2013.

[39]

Boyd McKillican and Abe Kanner. [n.d.]. Method of determining the position of a vehicle moving along a guideway. Patent No. US 9085310 B2, granted on 21 July 2015.

[40]

Jeffrey D. Kernwein. [n.d.]. System and method to determine train location in a track network. Patent No. US 8214091 B2, granted on 3 July 2012.

[41]

1996. Transport Research EURET Rail Transport VII-5, Eurobalise sub-system. Office for Official Publications of the European Communities.

[42]

F. Kerschbaum, H.W. Lim, and I. Gudymenko. 2013. Privacy-preserving billing for e-ticketing systems in public transportation. In Proceedings of the 12th annual ACM Workshop on Privacy in the Electronic Society (WPES’13). 143--154.

[43]

Singapore Enterprise. 2006. Singapore Standard: Specification for contactless e-purse application. SS 518: 2006.

[44]

E. Brier and T. Peyrin. 2010. A forward-secure symmetric-key derivation protocol—How to improve classical DUKPT. In Proceedings of the 16th International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT’10). 250--267.

[45]

Chris J. Mitchell. 2003. Truncation attacks on MACs. IET Electr. Lett. 39, 20 (2003), 1439--1440.

[46]

Peter Gaži, Krzysztof Pietrzak, and Stefano Tessaro. 2015. The exact PRF security of truncation: Tight bounds for keyed sponges and truncated CBC. In Proceedings of the Annual Cryptology Conference (CRYPTO’15). 368--387.

[47]

UNISIG. 2012. ETCS SUBSET-041: Performance Requirements for Interoperability, Issue 3.1.0.

[48]

Monica Malvezzi, Benedetto Allotta, and Mirko Rinchi. 2011. Odometric estimation for automatic train protection and control systems. Vehicle Syst. Dynam. 49, 5 (2011), 723--739. arXiv:http://dx.doi.org/10.1080/00423111003721291

Cited By

Dansarie M(2024)Security Issues in Special-Purpose Digital Radio Communication Systems: A Systematic ReviewIEEE Access10.1109/ACCESS.2024.342009112(91101-91126)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3420091
Li ZShan QWei ZLin ZWu FXiao JHuang SLiu Y(2023)A 62 ppm MDR Deviation and Sub-250 ns MTIE Railway BaliseElectronics10.3390/electronics1220421712:20(4217)Online publication date: 11-Oct-2023
https://doi.org/10.3390/electronics12204217
Zoppi TMungiello ICeccarelli ACirillo ASarti LEsposito LScaglione GRepetto SBondavalli A(2023)Safe Maintenance of Railways using COTS Mobile Devices: The Remote Worker DashboardACM Transactions on Cyber-Physical Systems10.1145/36071937:4(1-20)Online publication date: 4-Jul-2023
https://dl.acm.org/doi/10.1145/3607193
Show More Cited By

Index Terms

Data Integrity Threats and Countermeasures in Railway Spot Transmission Systems
1. Computer systems organization
  1. Embedded and cyber-physical systems
2. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation

Recommendations

Modeling Adversarial Physical Movement in a Railway Station: Classification and Metrics
Special Issue on Transportation CPS

Many real-world attacks on cyber-physical systems involve physical intrusions that directly cause damage or facilitate cyber attacks. Hence, in this work, we investigate the security risk of organizations with respect to different adversarial models of ...
Power attack: An imminent security threat in real-time system for detecting missing rail blocks in developing countries
Abstract
Exploration of potential security threats and vulnerabilities of a real-time system specifically designed for detecting missing rail blocks in the context of developing countries is yet to be explored. Therefore, in this paper, we ...
Threats and countermeasures for information system security: A cross-industry study

IS security threats have increased significantly in recent years. We identified the gaps between manager perceptions of IS security threats and the security countermeasures adopted by firms by collecting empirical data from 109 Taiwanese enterprises. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Cyber-Physical Systems

ACM Transactions on Cyber-Physical Systems Volume 4, Issue 1

Special Issue on Transportation CPS

January 2020

311 pages

ISSN:2378-962X

EISSN:2378-9638

DOI:10.1145/3371149

Editor:
Tei-Wei Kuo
City University of Hong Kong and National Taiwan University, Taiwan

Issue’s Table of Contents

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 02 November 2019

Accepted: 01 December 2018

Revised: 01 November 2018

Received: 01 October 2017

Published in TCPS Volume 4, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

National Cybersecurity R8D Programme
National Cybersecurity R8D Directorate
Human-centered Cyber-physical Systems Programme at the Advanced Digital Sciences Center
National Research Foundation (NRF)
Singapore's Agency for Science, Technology, and Research (A*STAR)
Prime Minister's Office

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
279
Total Downloads

Downloads (Last 12 months)33
Downloads (Last 6 weeks)10

Reflects downloads up to 10 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Dansarie M(2024)Security Issues in Special-Purpose Digital Radio Communication Systems: A Systematic ReviewIEEE Access10.1109/ACCESS.2024.342009112(91101-91126)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3420091
Li ZShan QWei ZLin ZWu FXiao JHuang SLiu Y(2023)A 62 ppm MDR Deviation and Sub-250 ns MTIE Railway BaliseElectronics10.3390/electronics1220421712:20(4217)Online publication date: 11-Oct-2023
https://doi.org/10.3390/electronics12204217
Zoppi TMungiello ICeccarelli ACirillo ASarti LEsposito LScaglione GRepetto SBondavalli A(2023)Safe Maintenance of Railways using COTS Mobile Devices: The Remote Worker DashboardACM Transactions on Cyber-Physical Systems10.1145/36071937:4(1-20)Online publication date: 4-Jul-2023
https://dl.acm.org/doi/10.1145/3607193
Bian CYang SXu QFeng J(2023)Holistic Transmission Performance Prediction of Balise System With Gate-Steered Residual Interweave NetworksIEEE Transactions on Systems, Man, and Cybernetics: Systems10.1109/TSMC.2023.329777153:12(7461-7474)Online publication date: Dec-2023
https://doi.org/10.1109/TSMC.2023.3297771
Staroletov S(2023)Non-Deterministic Bitwise Programming to Solve the Eurobalise Telegram Encoding ProblemTransportation Research Procedia10.1016/j.trpro.2023.02.07068(516-525)Online publication date: 2023
https://doi.org/10.1016/j.trpro.2023.02.070
Kour RPatwardhan AThaduri AKarim R(2022)A review on cybersecurity in railwaysProceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit10.1177/09544097221089389237:1(3-20)Online publication date: 26-Apr-2022
https://doi.org/10.1177/09544097221089389
Bian CYang SXu QMeng J(2022)Disturbances Prediction of Bit Error Rate for High-Speed Railway Balise Transmission Through Persistent State MappingIEEE Transactions on Vehicular Technology10.1109/TVT.2022.315234771:5(4841-4850)Online publication date: May-2022
https://doi.org/10.1109/TVT.2022.3152347
Bian CYang SXu QMeng J(2022)Speed Adaptability Assessment of Railway Balise Transmission Module Using a Deep-Adaptive-Attention-Based Encoder–Decoder NetworkIEEE Transactions on Industrial Electronics10.1109/TIE.2021.307671369:4(4195-4204)Online publication date: Apr-2022
https://doi.org/10.1109/TIE.2021.3076713
Jayakumar MJoshi AMaji ASahu P(2022)A Global Perspective of Railway SecurityTransportation Research in India10.1007/978-981-16-9636-7_13(233-247)Online publication date: 24-Mar-2022
https://doi.org/10.1007/978-981-16-9636-7_13
Xu QMeng JLuo YYang S(2021)Uplink Transmission Performance Evaluation and Prediction of Railway Balise based on AHP-WNN2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C)10.1109/QRS-C55045.2021.00033(169-176)Online publication date: Dec-2021
https://doi.org/10.1109/QRS-C55045.2021.00033
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Issue’s Table of Contents