A Security Architecture for Railway Signalling

  • Christian SchlehuberEmail author
  • Markus Heinrich
  • Tsvetoslava Vateva-Gurova
  • Stefan Katzenbeisser
  • Neeraj Suri
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10488)


We present the proposed security architecture Deutsche Bahn plans to deploy to protect its trackside safety-critical signalling system against cyber-attacks. We first present the existing reference interlocking system that is built using standard components. Next, we present a taxonomy to help model the attack vectors relevant for the railway environment. Building upon this, we present the proposed “compartmentalized” defence concept for securing the upcoming signalling systems.



Research supported in part by EC CIPSEC GA 700378.


  1. 1.
    CENELEC: EN 50126: Railway applications - The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS) (1999)Google Scholar
  2. 2.
    DKE: Elektrische Bahn-Signalanlagen - Teil 104: Leitfaden für die IT-Sicherheit auf Grundlage der IEC 62443 (DIN VDE V 0831-104) (2014)Google Scholar
  3. 3.
    DKE: Electric signalling systems for railways - Part 200: Safe transmission protocol according to DIN EN 50159 (DIN VDE V 0831-200) (2015)Google Scholar
  4. 4.
    Hansman, S., Hunt, R.: A taxonomy of network and computer attacks. Comput. Secur. 24(1), 31–43 (2005). doi: 10.1016/j.cose.2004.06.011 CrossRefGoogle Scholar
  5. 5.
    Howard, J.D., Longstaff, T.A.: A common language for computer security incidents. Technical report SAND98-8667, Sandia Natl Lab, (1998). doi: 10.2172/751004
  6. 6.
    Intl. Electrotechnical Commission: IEC 62443 Industrial communication networks - Network and system security. IEC 62443, November 2010Google Scholar
  7. 7.
    Meyers, C., Powers, S., Faissol, D.: Taxonomies of cyber adversaries and attacks: a survey of incidents and approaches. Lawrence Livermore Natl. Lab. 7, 1–22 (2009). doi: 10.2172/967712 Google Scholar
  8. 8.
    Simmons, C., Shiva, S., Bedi, H., Dasgupta, D.: Avoidit: A cyber attack taxonomy. In: Annual Symposium on Information Assurance, pp. 2–12 (2014)Google Scholar
  9. 9.
    Weber, D.J.: A taxonomy of computer intrusions. Ph.D. thesis, MIT (1998)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Christian Schlehuber
    • 1
    Email author
  • Markus Heinrich
    • 2
  • Tsvetoslava Vateva-Gurova
    • 2
  • Stefan Katzenbeisser
    • 2
  • Neeraj Suri
    • 2
  1. 1.DB Netz AGFrankfurtGermany
  2. 2.Department of Computer ScienceTU DarmstadtDarmstadtGermany

Personalised recommendations