Abstract
This paper reports on the results of a security analysis of the European Railway Traffic Management System (ERTMS) specifications. ERTMS is designed to be fail-safe and the general philosophy of ‘if in doubt, stop the train’ makes it difficult to engineer a train accident. However, it is possible to exploit the fail-safe behaviour of ERTMS and create a situation that causes a train to halt. Thus, denial of service attacks are possible, and could be launched at a time and place of the attacker’s choosing, perhaps designed to cause maximum disruption or passenger discomfort. Causing an accident is more difficult but not impossible.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bloomfield, R., Stroud, R., Gashi, I., Bloomfield, R.: Information Security Audit of ERTMS, Technical Report (2010)
Stroud, R., Gashi, I., Bloomfield, R., Bloomfield, R.: ERTMS Specification Security Audit – Analysis of Attack Scenarios, Technical Report (2011)
UNISIG SUBSET-026, System Requirement Specification, Version 2.3.0, http://www.era.europa.eu/Document-Register/Pages/UNISIGSUBSET-026.aspx
UNISIG SUBSET-037, Euroradio FIS, Version 2.3.0, http://www.era.europa.eu/Document-Register/Pages/UNISIGSUBSET-037.aspx
UNISIG SUBSET-038, Offline Key management FIS, Version 2.3.0, http://www.era.europa.eu/Document-Register/Pages/UNISIGSUBSET-038.aspx
UNISIG SUBSET-114, KMC-ETCS Entity Off-line KM FIS, Version 1.0.0, http://www.era.europa.eu/Document-Register/Pages/UNISIGSUBSET-114.aspx
Quirke, J.: Security in the GSM system (2004)
Bloomfield, R., Craigen, D., Miller, A.: Dual Use of High Assurance Technologies, Technical Report (2009), http://www.rto.nato.int/Pubs/rdp.asp?RDP=RTO-TR-IST-048
Braband, J.: Safety and Security Requirements for an Advanced Train Control System. In: Proc. 16th International Conference on Computer Safety, Reliability and Security (SAFECOMP 1997). Springer, York (1997)
Stump, F.: Datenübertragung über öffentliche Netze im Bahnverkehr – Fluch oder Segen?!, Safetronic 2010 (2010)
Katzenbeisser, S.: Can trains be hacked? Die Technik der Eisenbahnsicherungsanlagen. In: 28th Chaos Communication Congress, Behind Enemy Lines (December 2011)
BBC News, Train-switching technology ‘poses hacking threat’ (December 2011), http://www.bbc.co.uk/news/technology-16347248
RailUK Forum, BBC News: Hackers could delay trains (December 2011), http://www.railforums.co.uk/showthread.php?t=57565
Bloomfield, R.E., Guerra, S., Miller, A., Masera, M., Weinstock, C.B.: International Working Group on Assurance Cases (for Security). IEEE Security and Privacy 4(3), 66–68 (2006)
SESAMO – Security and Safety Modelling, ARTEMIS Embedded Computing Systems Initiative 2011, Project Number 295354 (May 2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bloomfield, R., Bloomfield, R., Gashi, I., Stroud, R. (2012). How Secure Is ERTMS?. In: Ortmeier, F., Daniel, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2012. Lecture Notes in Computer Science, vol 7613. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33675-1_22
Download citation
DOI: https://doi.org/10.1007/978-3-642-33675-1_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33674-4
Online ISBN: 978-3-642-33675-1
eBook Packages: Computer ScienceComputer Science (R0)