Abstract
Modern train systems adopt communication-based train control (CBTC), which uses wireless communications to better monitor and control the train operations. Despite the well-studied security issues in wireless networking in information technology applications, security implementations in trains have been lagging; many train systems rely on security by obscurity and forgo well-established security practices such as key updates. To secure train systems against increasingly evolving and persistent attackers and mitigate key breach (which can occur due to misuse of the key), we build a key update scheme, Key Update at Train Stations (KUTS), that leverages the inherent physical aspects of train operations (mobility/infrastructure-asymmetry between the stations and the trains and the operational differences when the trains are at stations and between the stations). Furthermore, by incorporating separation of key chain and use and on the entities providing the key seeds, KUTS protects the key seeds for future updates against the breach of the current key and is both key-collision irrelevant (thwarting known collision-based threats on one-way random functions) and system-compromise resilient (protecting the key secrecy even when the train system is compromised). We theoretically analyze KUTS’s effectiveness, security strength, and security properties. We also implement KUTS on various computing devices to study the performance overhead.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The choice of KUTS stations is a design parameter which has a tradeoff between security strength and complexity/computation and is beyond the scope of this paper. Section 5 provides analyses and insights that can be helpful in making such design choices.
References
Heddebaut, M., Mili, S., Sodoyer, D., Jacob, E., Aguado, M., Zamalloa, C.P., Lopez, I., Deniau, V.: Towards a resilient railway communication network against electromagnetic attacks. In: TRA - Transport Research Arena, France, p. 10p, April 2014. https://hal.archives-ouvertes.fr/hal-01061258
He, H.: Passenger wi-fi freezes third Shenzhen metro train in a week. South China Morning Post. http://www.scmp.com/news/china/article/1078165/passenger-wi-fi-freezes-third-shenzhen-metro-train-week
Squatriglia, C.: Polish teen hacks his citys trams, chaos ensues. Wired. http://www.wired.com/2008/01/polish-teen-hac/
Greenber, A.: Hackers remotely kill a jeep on the highwaywith me in it. Wired. http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
Finkle, J., Woodall, B.: Researcher says can hack GM’s OnStar app, open vehicle, start engine, Reuters. http://www.reuters.com/article/2015/07/30/us-gm-hacking-idUSKCN0Q42FI20150730
Foster, I., Prudhomme, A., Koscher, K., Savage, S.: Fast and vulnerable: a story of telematic failures. In: 9th USENIX Workshop on Offensive Technologies (WOOT 2015). USENIX Association, Washington, D.C., August 2015. http://blogs.usenix.org/conference/woot15/workshop-program/presentation/foster
Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T.: Comprehensive experimental analyses of automotive attack surfaces. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011, p. 6. USENIX Association, Berkeley (2011). http://dl.acm.org/citation.cfm?id=2028067.2028073
American Public Transportation Association (APTA): Securing control and communications systems in rail transmit environments, part II: Defining a security zone architecture for rail transit and protecting critical zones, Recommended Practice, ATPA-SS-CCS-RP-002-13 (2013)
American Public Transportation Association (APTA): Cybersecurity considerations for public transit, Recommended Practice, ATPA-SS-ECS-RP-001-14 (2014)
Deniau, V.: Overview of the European project security of railways in Europe against electromagnetic attacks (secret). IEEE Electromagn. Compat. Mag. 3(4), 80–85 (2014)
Chang, S.-Y., Tran, B.A.N., Hu, Y.-C., Jones, D.L.: Jamming with power boost: leaky waveguide vulnerability in train systems. In: 2015 IEEE 21st International Conference on Parallel and Distributed Systems (ICPADS), pp. 37–43, December 2015
Lopez, I., Aguado, M.: Cyber security analysis of the european train control system. IEEE Commun. Mag. 53(10), 110–116 (2015)
Hartong, M., Goel, R., Wijesekera, D.: Key management requirements for positive train control communications security. In: Proceedings of the 2006 IEEE/ASME Joint Rail Conference, pp. 253–262, April 2006
Reiter, M., Stubblebine, S.: Resilient authentication using path independence. IEEE Trans. Comput. 47(12), 1351–1362 (1998)
Zhao, M., Smith, S.W., Nicol, D.M.: Aggregated path authentication for efficient BGP security. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, CCS 2005, pp. 128–138. ACM, New York (2005). http://doi.acm.org/10.1145/1102120.1102139
Kim, T.H.-J., Basescu, C., Jia, L., Lee, S.B., Hu, Y.-C., Perrig, A.: Lightweight source authentication and path validation. In: Proceedings of the 2014 ACM Conference on SIGCOMM, SIGCOMM 2014, pp. 271–282. ACM, New York (2014). http://doi.acm.org/10.1145/2619239.2626323
Blass, E.-O., Elkhiyaoui, K., Molva, R.: Tracker: security and privacy for RFID-based supply chains. In: 18th Annual Network and Distributed System Security Symposium NDSS 2011, 6–9 February 2011, San Diego, CA, USA (2011). http://www.eurecom.fr/publication/3233. Accessed Feb 2011
Elkhiyaoui, K., Blass, E.-O., Molva, R.: CHECKER: on-site checking in RFID-based supply chains. In: Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2012, pp. 173–184. ACM, New York (2012). http://doi.acm.org/10.1145/2185448.2185471
Cai, S., Li, Y., Zhao, Y.: Distributed path authentication for dynamic RFID-enabled supply chains. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) Information Security and Privacy Research. SEC 2012. IFIPAICT, vol. 376, pp. 501–512. Springer, Heidelberg (2012)
Cai, S., Deng, R.H., Li, Y., Zhao, Y.: A new framework for privacy of RFID path authentication. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 473–488. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31284-7_28
Challal, Y., Bouabdallah, A., Hinard, Y.: Efficient multicast source authentication using layered hash-chaining scheme. In: 29th Annual IEEE International Conference on Local Computer Networks, pp. 411–412, November 2004
Fredman, M.L., Komlós, J., Szemerédi, E.: Storing a sparse table with 0(1) worst case access time. J. ACM 31(3), 538–544 (1984). http://doi.acm.org/10.1145/828.1884
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In: RFID Privacy Workshop (2003)
Whyte, W., Weimerskirch, A., Kumar, V., Hehn, T.: A security credential management system for V2V communications. In: Vehicular Networking Conference (VNC), pp. 1–8. IEEE, December 2013
Rajendran, J., Sinanoglu, O., Karri, R.: Is split manufacturing secure? In: Design, Automation Test in Europe Conference Exhibition (DATE), pp. 1259–1264, March 2013
Imeson, F., Emtenan, A., Garg, S., Tripunitara, M.: Securing computer hardware using 3D integrated circuit (IC) technology, split manufacturing for obfuscation. In: Presented as Part of the 22nd USENIX Security Symposium (USENIX Security 2013), pp. 495–510. USENIX, Washington, D.C. (2013). https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/imeson
Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(3), 379–423 (1948). http://dx.doi.org/10.1002/j.1538-7305.1948.tb01338.x
Shannon, C.E.: Communication theory of secrecy systems. Bell Syst. Tech. J. 28(4), 656–715 (1949)
Acknowledgments
This work was supported by the National Research Foundation (NRF), Prime Ministers Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate and by the Human-Centered Cyber-physical Systems Programme at the Advanced Digital Sciences Center from Singapore’s Agency for Science, Technology and Research (A\(^\star \)STAR).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Chang, SY., Cai, S., Seo, H., Hu, YC. (2017). Key Update at Train Stations: Two-Layer Dynamic Key Update Scheme for Secure Train Communications. In: Deng, R., Weng, J., Ren, K., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 198. Springer, Cham. https://doi.org/10.1007/978-3-319-59608-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-59608-2_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59607-5
Online ISBN: 978-3-319-59608-2
eBook Packages: Computer ScienceComputer Science (R0)