Skip to main content
SpringerLink
Log in

Towards an IT Security Protection Profile for Safety-Related Communication in Railway Automation

  • Conference paper
Book cover Computer Safety, Reliability, and Security (SAFECOMP 2012)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7612))

Included in the following conference series:

Abstract

Some recent incidents have shown that possibly the vulnerability of IT systems in railway automation has been underestimated so far. Fortunately so far almost only denial of service attacks have been successful, but due to several trends, such as the use of commercial IT and communication systems or privatization, the threat potential could increase in the near future. However, up to now, no harmonized IT security requirements for railway automation exist. This paper defines a reference communication architecture which aims to separate IT security and safety requirements as well as certification processes as far as possible, and discusses the threats and IT security objectives including typical assumptions in the railway domain. Finally examples of IT security requirements are stated and discussed based on the approach advocated in the Common Criteria, in the form of a protection profile.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. http://www.nextgov.com/nextgov/ng_20120123_3491.php?oref=topstory (accessed on February 7, 2012)

  2. Stumpf, F.: Datenübertragung über öffentliche Netze im Bahnverkehr – Fluch oder Segen? In: Proc. Safetronic 2010, Hanser, München (2010)

    Google Scholar 

  3. Katzenbeisser, S.: Can trains be hacked? In: 28th Chaos Communication Congress, Hamburg (2011)

    Google Scholar 

  4. Thomas, M.: Accidental Systems, Hidden Assumptions and Safety Assurance. In: Dale, C., Anderson, T. (eds.) Achieving System Safety, Proc. 20th Safety-Critical Systems Symposium. Springer (2012)

    Google Scholar 

  5. Johnson, C.: CyberSafety: CyberSecurity and Safety-Critical Software Engineering. In: Dale, C., Anderson, T. (eds.) Achieving System Safety, Proc. 20th Safety-Critical Systems Symposium. Springer (2012)

    Google Scholar 

  6. EN 50159 Railway applications, Communication, signaling and processing systems –Safety related communication in transmission systems (September 2010)

    Google Scholar 

  7. EN 50129 Railway applications, Communication, signaling and processing systems – Safety-related electronic systems for signaling (February 2003)

    Google Scholar 

  8. ISO/IEC 15408 Information technology — Security techniques — Evaluation criteria for IT security (2009)

    Google Scholar 

  9. ISA 99, Standards of the Industrial Automation and Control System Security Committee of the International Society for Automation (ISA) on information security, http://en.wikipedia.org/wiki/Cyber_security_standards

  10. BITKOM / DIN Kompass der IT-Sicherheitsstandards Leitfaden und Nachschlagewerk 4. Auflage (2009)

    Google Scholar 

  11. Commission Regulation (EC) No. 352/2009 of 24 April 2009 on the adoption of a common safety method on risk evaluation and assessment as referred to in Article 6(3)(a) of Directive 2004/49/EC of the European Parliament and of the Council

    Google Scholar 

  12. Common Criteria for Information Technology Security Evaluation, Version 3.1, revision 3, Part 1: Introduction and general model (July 2009)

    Google Scholar 

  13. Common Criteria for Information Technology Security Evaluation, Version 3.1, revision 3, Part 2: Functional security components (July 2009)

    Google Scholar 

  14. Common Criteria for Information Technology Security Evaluation, Version 3.1, revision 3, Part 3: Assurance security components (July 2009)

    Google Scholar 

  15. Wickinger, T.: Modern Security Management Systems. Signal & Draht, (4) (2001) (in German)

    Google Scholar 

  16. DB AG: European Patent Application EP2 088 052 A2 (2000)

    Google Scholar 

  17. DIN V VDE V 0831-102: Electric signaling systems for railways – Part 102: Protection profile for technical functions in railway signaling, Draft (2012) (in German)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Deutsche Bahn AG, Berlin, Germany

    Hans-Hermann Bock

  2. Siemens AG, Braunschweig, Germany

    Jens Braband

  3. TU Braunschweig, Braunschweig, Germany

    Birgit Milius

  4. TÜV Rheinland, Köln, Germany

    Hendrik Schäbe

Authors
  1. Hans-Hermann Bock
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jens Braband
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Birgit Milius
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hendrik Schäbe
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Fakultät für Informatik, Institut für Technische und Betriebliche Informationssysteme (ITI), Otto-von-Guericke-Universität, Universitätsplatz 2, 39106, Magdeburg, Germany

    Frank Ortmeier

  2. SELEX ELSAG, Liverpool Innovation Park, Edge Lane, Fairfield, L7 9NJ, Liverpool, UK

    Peter Daniel

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bock, HH., Braband, J., Milius, B., Schäbe, H. (2012). Towards an IT Security Protection Profile for Safety-Related Communication in Railway Automation. In: Ortmeier, F., Daniel, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2012. Lecture Notes in Computer Science, vol 7612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33678-2_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-33678-2_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33677-5

  • Online ISBN: 978-3-642-33678-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation