Skip to main content
SpringerLink
Log in

How Secure Is ERTMS?

  • Conference paper
Computer Safety, Reliability, and Security (SAFECOMP 2012)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7613))

Included in the following conference series:

Abstract

This paper reports on the results of a security analysis of the European Railway Traffic Management System (ERTMS) specifications. ERTMS is designed to be fail-safe and the general philosophy of ‘if in doubt, stop the train’ makes it difficult to engineer a train accident. However, it is possible to exploit the fail-safe behaviour of ERTMS and create a situation that causes a train to halt. Thus, denial of service attacks are possible, and could be launched at a time and place of the attacker’s choosing, perhaps designed to cause maximum disruption or passenger discomfort. Causing an accident is more difficult but not impossible.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bloomfield, R., Stroud, R., Gashi, I., Bloomfield, R.: Information Security Audit of ERTMS, Technical Report (2010)

    Google Scholar 

  2. Stroud, R., Gashi, I., Bloomfield, R., Bloomfield, R.: ERTMS Specification Security Audit – Analysis of Attack Scenarios, Technical Report (2011)

    Google Scholar 

  3. UNISIG SUBSET-026, System Requirement Specification, Version 2.3.0, http://www.era.europa.eu/Document-Register/Pages/UNISIGSUBSET-026.aspx

  4. UNISIG SUBSET-037, Euroradio FIS, Version 2.3.0, http://www.era.europa.eu/Document-Register/Pages/UNISIGSUBSET-037.aspx

  5. UNISIG SUBSET-038, Offline Key management FIS, Version 2.3.0, http://www.era.europa.eu/Document-Register/Pages/UNISIGSUBSET-038.aspx

  6. UNISIG SUBSET-114, KMC-ETCS Entity Off-line KM FIS, Version 1.0.0, http://www.era.europa.eu/Document-Register/Pages/UNISIGSUBSET-114.aspx

  7. Quirke, J.: Security in the GSM system (2004)

    Google Scholar 

  8. Bloomfield, R., Craigen, D., Miller, A.: Dual Use of High Assurance Technologies, Technical Report (2009), http://www.rto.nato.int/Pubs/rdp.asp?RDP=RTO-TR-IST-048

  9. Braband, J.: Safety and Security Requirements for an Advanced Train Control System. In: Proc. 16th International Conference on Computer Safety, Reliability and Security (SAFECOMP 1997). Springer, York (1997)

    Google Scholar 

  10. Stump, F.: Datenübertragung über öffentliche Netze im Bahnverkehr – Fluch oder Segen?!, Safetronic 2010 (2010)

    Google Scholar 

  11. Katzenbeisser, S.: Can trains be hacked? Die Technik der Eisenbahnsicherungsanlagen. In: 28th Chaos Communication Congress, Behind Enemy Lines (December 2011)

    Google Scholar 

  12. BBC News, Train-switching technology ‘poses hacking threat’ (December 2011), http://www.bbc.co.uk/news/technology-16347248

  13. RailUK Forum, BBC News: Hackers could delay trains (December 2011), http://www.railforums.co.uk/showthread.php?t=57565

  14. Bloomfield, R.E., Guerra, S., Miller, A., Masera, M., Weinstock, C.B.: International Working Group on Assurance Cases (for Security). IEEE Security and Privacy 4(3), 66–68 (2006)

    Article  Google Scholar 

  15. SESAMO – Security and Safety Modelling, ARTEMIS Embedded Computing Systems Initiative 2011, Project Number 295354 (May 2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Independent Consultant, UK

    Richard Bloomfield

  2. Centre for Software Reliability, City University London, London, UK

    Robin Bloomfield & Ilir Gashi

  3. Adelard LLP, London, UK

    Robin Bloomfield & Robert Stroud

Authors
  1. Richard Bloomfield
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Robin Bloomfield
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ilir Gashi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Robert Stroud
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institut für Technische und Betriebliche Informationssysteme (ITI), Otto-von-Guericke-Universität, Fakultät für Informatik, Universitätsplatz 2, 39106, Magdeburg, Germany

    Frank Ortmeier

  2. SELEX ELSAG, Liverpool Innovation Park, Edge Lane, Fairfield, L7 9NJ, Liverpool, UK

    Peter Daniel

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bloomfield, R., Bloomfield, R., Gashi, I., Stroud, R. (2012). How Secure Is ERTMS?. In: Ortmeier, F., Daniel, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2012. Lecture Notes in Computer Science, vol 7613. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33675-1_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-33675-1_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33674-4

  • Online ISBN: 978-3-642-33675-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation