Communication-based train control (CBTC) systems utilize continuous, high-capacity, and bidirectional train-to-wayside wireless communications to ensure the safe and efficient operation, where wireless local area networks (WLANs) based on 802.11 protocols are adopted as the main method. WLANs are working at the public frequency, and malicious interference and attacks are inevitable, which can badly affect the performance of CBTC systems. Due to the fail-safe mechanisms of CBTC systems, malicious attacks can cause the emergency braking of trains, and the operation efficiency can be reduced. Based on the vulnerabilities of WLANs, a multi-channel man-in-the-middle (MitM) attack on WLAN-based train-to-wayside communications is considered. The proposed attack method can manipulate the 802.11 frames, and bring delays, packet losing, and even modification of messages transmitted between trains and wayside equipment. Based on the operation principles of CBTC systems, the impacts of MitM attack are quantified according to the comparison between the train trajectories under attacks and the preset optimal running profiles of trains. Simulation results demonstrate principles and consequences of MitM attack.
- Communication-based train control
- Multi-channel Man-in-the-Middle attack
- Cyber-physical system information security
- Attack impact