Abstract
Modern railway systems rely on communication-based train control (CBTC) for traffic management and automation. CBTC provides the controller with precise, timely updates on the position/speed of trains and communicates the corresponding control information to the trains. However, disruptions due to potential component failures and jamming attacks threaten the communication availability in CBTC. To improve availability, we propose a countermeasure based on redundant communications. The proposed Transparent, Agnostic, Secure Communication (TASC) system sniffs and tunnels the CBTC messages through an alternative network to their intended receivers. Prior works mitigate the impact of jamming and failures through hardware modifications to CBTC. In contrast, TASC is transparent to the underlying system, causing no interference unless signaling is disrupted, and designed to be agnostic to communication protocols above the physical-layer. Unlike commonly adopted active redundancy via the duplication of components, TASC steps in only upon signaling disruptions, employing standby redundancy.
This work was supported in part by the National Research Foundation (NRF), Prime Ministers Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-031) and administered by the National Cybersecurity R&D Directorate, and in part by the National Research Foundation, Prime Minister’s Office, Singapore under its Campus for Research Excellence and Technological Enterprise (CREATE) programme.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Zone Controller, also known as the Wayside Controller, is responsible for controlling a particular section comprising of multiple access points in the railway network.
- 2.
For 128-bit security, we chose SHA-256 as the digest function of the employed HMAC. We concatenate a timestamp to the input of HMAC for freshness.
- 3.
Likewise, HMAC can be sent along with the train data for authentication and integrity. Encryption may be considered if confidentiality is of concern. We used 128-bit AES for 128-bit security.
References
Chang, S., Tran, B.A.N., Hu, Y., Jones, D.L.: Jamming with power boost: leaky waveguide vulnerability in train systems. In: IEEE 21st International Conference on Parallel and Distributed Systems, pp. 37–43 (2015). https://doi.org/10.1109/ICPADS.2015.13
Chen, B., et al.: Security analysis of urban railway systems: the need for a cyber-physical perspective. In: Koornneef, F., van Gulijk, C. (eds.) Computer Safety, Reliability, and Security, vol. 9338, pp. 277–290. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24249-1_24
Coit, D.W.: Cold-standby redundancy optimization for nonrepairable systems. IIE Trans. 33(6), 471–478 (2001). https://doi.org/10.1023/A:1007689912305
Deniau, V.: Overview of the European project security of railways in Europe against Electromagnetic Attacks (SECRET). IEEE Electromagn. Compat. Mag. 3(4), 80–85 (2014). https://doi.org/10.1109/MEMC.2014.7023203
Esiner, E., Mashima, D., Chen, B., Kalbarczyk, Z., Nicol, D.: F-Pro: a fast and flexible provenance-aware message authentication scheme for smart grid. In: IEEE SmartGridComm, pp. 1–7 (2019). https://doi.org/10.1109/SmartGridComm.2019.8909712
Farooq, J., Bro, L., Karstensen, R.T., Soler, J.: A multi-radio, multi-hop ad-hoc radio communication network for communications-based train control (CBTC). In: IEEE 86th Vehicular Technology Conference (VTC-Fall), pp. 1–7 (2017). https://doi.org/10.1109/VTCFall.2017.8288281
Farooq, J., Soler, J.: Radio communication for communications-based train control (CBTC): a tutorial and survey. IEEE Commun. Surv. Tutor. 19(3), 1377–1402 (2017). https://doi.org/10.1109/COMST.2017.2661384
Fitzmaurice, M.: Wayside communications: CBTC data communications subsystems. IEEE Veh. Technol. Mag. 8(3), 73–80 (2013). https://doi.org/10.1109/MVT.2013.2269191
Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: Practical NFC peer-to-peer relay attack using mobile phones. In: Ors Yalcin, S.B. (ed.) Radio Frequency Identification: Security and Privacy Issues, RFIDSec 2010. LNCS, vol. 6370, pp. 35–49. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16822-2_4
Ge, M., Kim, H.K., Kim, D.S.: Evaluating security and availability of multiple redundancy designs when applying security patches. In: 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 53–60 (2017). https://doi.org/10.1109/DSN-W.2017.37
Hu, Y.C., Perrig, A., Johnson, D.B.: Packet leashes: a defense against wormhole attacks in wireless networks. In: IEEE INFOCOM, vol. 3, pp. 1976–1986, March 2003. https://doi.org/10.1109/INFCOM.2003.1209219
Huang, C.: Hong Kong MTR train crash blamed on Thales signalling system linked to Joo Koon collision, March 2018. https://bit.ly/2ukEueR. Accessed 21 Mar 2018
Lakshminarayana, S., et al.: Signal jamming attacks against communication-based train control: attack impact and countermeasure. In: Proceedings of the 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 160–171. WiSec, ACM, New York (2018). https://doi.org/10.1145/3212480.3212500
Liu, Y., Wu, Y., Kalbarczyk, Z.: Smart maintenance via dynamic fault tree analysis: a case study on Singapore MRT system. In: 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 511–518, June 2017. https://doi.org/10.1109/DSN.2017.50
Mercuri, R.T., Neumann, P.G.: Security by obscurity. Commun. ACM 46(11), 160 (2003)
Pascoe, R.D., Eichorn, T.N.: What is communication-based train control? IEEE Veh. Technol. Mag. 4(4), 16–21 (2009). https://doi.org/10.1109/MVT.2009.934665
Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B., Meier, W. (eds.) Fast Software Encryption, vol. 3017, pp. 371–388. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-25937-4_24
Sim, D.: How the circle line rogue train was caught with data (2016). https://blog.data.gov.sg/how-we-caught-the-circle-line-rogue-train-with-data-79405c86ab6a. Accessed 23 Feb 2022
Taylor, J.M., Sharif, H.R.: Security challenges and methods for protecting critical infrastructure cyber-physical systems. In: MoWNeT, pp. 1–6, May 2017. https://doi.org/10.1109/MoWNet.2017.8045959
Tefek, U., Lim, T.J.: Channel-hopping on multiple channels for full rendezvous diversity in cognitive radio networks. In: IEEE GLOBECOM, pp. 4714–4719, December 2014. https://doi.org/10.1109/GLOCOM.2014.7037552
Tefek, U., Esiner, E.: Coverage analysis of cooperative relaying for urban transportation systems in tunnels. In: IEEE International Conference on Communications (ICC), pp. 1–6. IEEE (2020). https://doi.org/10.1109/ICC40277.2020.9148695
The Land Transport Authority: Executive summary of investigation report into train collision at Joo Koon station westbound platform on 15 November 2017, December 2017. https://tinyurl.com/tp8j3bv. Accessed 10 Mar 2020
Zhu, L., Yu, F.R., Ning, B., Tang, T.: Design and performance enhancements in communication-based train control systems with coordinated multipoint transmission and reception. IEEE Trans. Intell. Transp. Syst. 15(3), 1258–1272 (2014). https://doi.org/10.1109/TITS.2014.2298409
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Tefek, U., Esiner, E., Wei, L., Hu, YC. (2022). TASC: Transparent, Agnostic, Secure Channel for CBTC Under Failure or Cyberattack. In: Collart-Dutilleul, S., Haxthausen, A.E., Lecomte, T. (eds) Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification. RSSRail 2022. Lecture Notes in Computer Science, vol 13294. Springer, Cham. https://doi.org/10.1007/978-3-031-05814-1_16
Download citation
DOI: https://doi.org/10.1007/978-3-031-05814-1_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-05813-4
Online ISBN: 978-3-031-05814-1
eBook Packages: Computer ScienceComputer Science (R0)