Rolling stock is critical infrastructure that requires high levels of safety and security. While a lot of research has been conducted in other critical infrastructure domains such as aerospace, cars or industrial control systems, rolling stock and train systems have been neglected so far, mainly due to their inaccessibility. This thesis will be conducted in collaboration with a train operator.

The Train Control and Management System (TCMS) and Automatic Train Control (ATC) systems are the backbone of on-board rolling stock networks, and their security is of utmost importance. Intrusion detection systems are commonly used to detect malicious activity on computer networks, but traditional methods may not be suitable for rolling stock. On-board rolling stock networks are special environments and differ from both traditional IT and OT networks. Challenges to be addressed are safety requirements, limited computing power of certified rolling stock hardware, limited bandwidth and functionality of networking components, limited connectivity and incomplete or missing protocol information. An on-board intrusion detection system must cope with a diverse set of subsystems that must be monitored: among them are doors, brakes, propulsion, signaling, monitoring, comfort and communication systems. Another challenge is the diverse nature of potential intrusions. Intruders can use various techniques, such as jamming the networks, hacking into on-board systems or interfering with network traffic through packet insertion or packet replay attacks. Thus, the intrusion detection system must be capable of detecting different types of intrusions and distinguishing them from other rare or anomalous events such as system malfunctions, operational exceptions or misoperation.

In safety-relevant on-board systems, the three network types Ethernet [TRDP], MVB and CAN prevail. The master project will focus on one of the three network types, conduct a security analysis and examine the potential for countermeasures in existing and future rolling stock.