Cyber security analysis of the European train control system
|Volume:||53||Journal:||IEEE Communications Magazine|
One of the key research issues in further strengthening the role of railways in the transportation system is to achieve the highest possible level of cyber security against significant threats to the signaling and telecom systems. The European Rail Traffic Management System (ERTMS) was designed in the 1990s with the security measures and strategies available at the time. However, ERTMS' underlying communication technology, GSM-R, needs replacing, and replacement strategies are already underway. Due to their direct effects on safety, ERTMS security mechanisms also need updating to face current security threats. This article provides a security analysis of ERTMS' safety layer, Euroradio, in terms of current security threats. After identifying its vulnerabilities, we present four main recommendations: a more robust cryptographic mechanism, a new key distribution scheme, a new key storage and system integrity module, and a set of countermeasures for avoiding radio jamming attacks.