Skip to main content

TASC: Transparent, Agnostic, Secure Channel for CBTC Under Failure or Cyberattack

  • Conference paper
  • First Online:
Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification (RSSRail 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13294))

  • 486 Accesses


Modern railway systems rely on communication-based train control (CBTC) for traffic management and automation. CBTC provides the controller with precise, timely updates on the position/speed of trains and communicates the corresponding control information to the trains. However, disruptions due to potential component failures and jamming attacks threaten the communication availability in CBTC. To improve availability, we propose a countermeasure based on redundant communications. The proposed Transparent, Agnostic, Secure Communication (TASC) system sniffs and tunnels the CBTC messages through an alternative network to their intended receivers. Prior works mitigate the impact of jamming and failures through hardware modifications to CBTC. In contrast, TASC is transparent to the underlying system, causing no interference unless signaling is disrupted, and designed to be agnostic to communication protocols above the physical-layer. Unlike commonly adopted active redundancy via the duplication of components, TASC steps in only upon signaling disruptions, employing standby redundancy.

This work was supported in part by the National Research Foundation (NRF), Prime Ministers Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-031) and administered by the National Cybersecurity R&D Directorate, and in part by the National Research Foundation, Prime Minister’s Office, Singapore under its Campus for Research Excellence and Technological Enterprise (CREATE) programme.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others


  1. 1.

    Zone Controller, also known as the Wayside Controller, is responsible for controlling a particular section comprising of multiple access points in the railway network.

  2. 2.

    For 128-bit security, we chose SHA-256 as the digest function of the employed HMAC. We concatenate a timestamp to the input of HMAC for freshness.

  3. 3.

    Likewise, HMAC can be sent along with the train data for authentication and integrity. Encryption may be considered if confidentiality is of concern. We used 128-bit AES for 128-bit security.


  1. Chang, S., Tran, B.A.N., Hu, Y., Jones, D.L.: Jamming with power boost: leaky waveguide vulnerability in train systems. In: IEEE 21st International Conference on Parallel and Distributed Systems, pp. 37–43 (2015).

  2. Chen, B., et al.: Security analysis of urban railway systems: the need for a cyber-physical perspective. In: Koornneef, F., van Gulijk, C. (eds.) Computer Safety, Reliability, and Security, vol. 9338, pp. 277–290. Springer, Cham (2015).

  3. Coit, D.W.: Cold-standby redundancy optimization for nonrepairable systems. IIE Trans. 33(6), 471–478 (2001).

    Article  Google Scholar 

  4. Deniau, V.: Overview of the European project security of railways in Europe against Electromagnetic Attacks (SECRET). IEEE Electromagn. Compat. Mag. 3(4), 80–85 (2014).

    Article  Google Scholar 

  5. Esiner, E., Mashima, D., Chen, B., Kalbarczyk, Z., Nicol, D.: F-Pro: a fast and flexible provenance-aware message authentication scheme for smart grid. In: IEEE SmartGridComm, pp. 1–7 (2019).

  6. Farooq, J., Bro, L., Karstensen, R.T., Soler, J.: A multi-radio, multi-hop ad-hoc radio communication network for communications-based train control (CBTC). In: IEEE 86th Vehicular Technology Conference (VTC-Fall), pp. 1–7 (2017).

  7. Farooq, J., Soler, J.: Radio communication for communications-based train control (CBTC): a tutorial and survey. IEEE Commun. Surv. Tutor. 19(3), 1377–1402 (2017).

    Article  Google Scholar 

  8. Fitzmaurice, M.: Wayside communications: CBTC data communications subsystems. IEEE Veh. Technol. Mag. 8(3), 73–80 (2013).

    Article  Google Scholar 

  9. Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: Practical NFC peer-to-peer relay attack using mobile phones. In: Ors Yalcin, S.B. (ed.) Radio Frequency Identification: Security and Privacy Issues, RFIDSec 2010. LNCS, vol. 6370, pp. 35–49. Springer, Heidelberg (2010).

  10. Ge, M., Kim, H.K., Kim, D.S.: Evaluating security and availability of multiple redundancy designs when applying security patches. In: 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 53–60 (2017).

  11. Hu, Y.C., Perrig, A., Johnson, D.B.: Packet leashes: a defense against wormhole attacks in wireless networks. In: IEEE INFOCOM, vol. 3, pp. 1976–1986, March 2003.

  12. Huang, C.: Hong Kong MTR train crash blamed on Thales signalling system linked to Joo Koon collision, March 2018. Accessed 21 Mar 2018

  13. Lakshminarayana, S., et al.: Signal jamming attacks against communication-based train control: attack impact and countermeasure. In: Proceedings of the 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 160–171. WiSec, ACM, New York (2018).

  14. Liu, Y., Wu, Y., Kalbarczyk, Z.: Smart maintenance via dynamic fault tree analysis: a case study on Singapore MRT system. In: 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 511–518, June 2017.

  15. Mercuri, R.T., Neumann, P.G.: Security by obscurity. Commun. ACM 46(11), 160 (2003)

    Article  Google Scholar 

  16. Pascoe, R.D., Eichorn, T.N.: What is communication-based train control? IEEE Veh. Technol. Mag. 4(4), 16–21 (2009).

    Article  Google Scholar 

  17. Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B., Meier, W. (eds.) Fast Software Encryption, vol. 3017, pp. 371–388. Springer, Heidelberg (2004).

    Chapter  Google Scholar 

  18. Sim, D.: How the circle line rogue train was caught with data (2016). Accessed 23 Feb 2022

  19. Taylor, J.M., Sharif, H.R.: Security challenges and methods for protecting critical infrastructure cyber-physical systems. In: MoWNeT, pp. 1–6, May 2017.

  20. Tefek, U., Lim, T.J.: Channel-hopping on multiple channels for full rendezvous diversity in cognitive radio networks. In: IEEE GLOBECOM, pp. 4714–4719, December 2014.

  21. Tefek, U., Esiner, E.: Coverage analysis of cooperative relaying for urban transportation systems in tunnels. In: IEEE International Conference on Communications (ICC), pp. 1–6. IEEE (2020).

  22. The Land Transport Authority: Executive summary of investigation report into train collision at Joo Koon station westbound platform on 15 November 2017, December 2017. Accessed 10 Mar 2020

  23. Zhu, L., Yu, F.R., Ning, B., Tang, T.: Design and performance enhancements in communication-based train control systems with coordinated multipoint transmission and reception. IEEE Trans. Intell. Transp. Syst. 15(3), 1258–1272 (2014).

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Utku Tefek .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tefek, U., Esiner, E., Wei, L., Hu, YC. (2022). TASC: Transparent, Agnostic, Secure Channel for CBTC Under Failure or Cyberattack. In: Collart-Dutilleul, S., Haxthausen, A.E., Lecomte, T. (eds) Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification. RSSRail 2022. Lecture Notes in Computer Science, vol 13294. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-05813-4

  • Online ISBN: 978-3-031-05814-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics