TRAKS: A Universal Key Management Scheme for ERTMS

Richard Thomas; Mihai Ordean; Tom Chothia; Joeri De Ruiter

doi:10.1145/3134600.3134631

TRAKS: A Universal Key Management Scheme for ERTMS

Richard Thomas, Mihai Ordean, Tom Chothia, Joeri De Ruiter

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

314 Downloads (Pure)

Abstract

This paper presents a new Key Management and Distribution Scheme for use in the European Rail Traffic Management System (ERTMS). Its aim is to simplify key management and improve cross-border operations through hierarchical partitioning. The current scheme used in ERTMS involves the creation and distribution of 3DES keys to train and trackside entities, which are then used as part of the Euro Radio Protocol to provide message authentication. This results in the distribution of tens of thousands of keys using portable media, a prohibitively high burden on management and resourcing. We present a symmetric key solution, TRAKS, which has the benefit of being backwards compatible with the current ERTMS standard and being post-quantum secure. This new scheme reduces the number of cryptographic keys in circulation, and maintains the current security model. We achieve this by dynamically deriving unique keys from a shared secret, i.e. the line secret, which is combined with IDs of trains, and of signalling equipment. In addition to providing better key management, our scheme also adds authentication to the location data provided by EuroBalises.

Original language	English
Title of host publication	ACSAC 2017 Proceedings of the 33rd Annual Computer Security Applications Conference
Publisher	Association for Computing Machinery (ACM)
Pages	327-338
ISBN (Electronic)	9781450353458
DOIs	https://doi.org/10.1145/3134600.3134631
Publication status	Published - 4 Dec 2017
Event	33rd Annual Computer Security Applications Conference (ACSAC 2017) - Orlando, Florida, United States Duration: 4 Dec 2017 → 8 Dec 2017

Conference

Conference	33rd Annual Computer Security Applications Conference (ACSAC 2017)
Country/Territory	United States
City	Orlando, Florida
Period	4/12/17 → 8/12/17

Bibliographical note

Keywords

Hash functions and message authentication codes
Authorization
Mobile and wireless security
Security and privacy

Access to Document

10.1145/3134600.3134631

traks_paperAccepted author manuscript, 766 KBLicence: None: All rights reserved
Thomas_et_al_TRAKS_A_universal_key_2018
Checked for eligibility: 15/03/2018
Accepted author manuscript, 1.16 MB

SCEPTICS: A SystematiC Evaluation Process for Threats to Industrial Control Systems
Roberts, C., Chothia, T., Ryan, M. & Zhang, X.
Engineering & Physical Science Research Council
1/10/14 → 31/12/17
Project: Research Councils

Cite this

@inproceedings{92094d01993f40c09100d34a9a0cd999,

title = "TRAKS: A Universal Key Management Scheme for ERTMS",

abstract = "This paper presents a new Key Management and Distribution Scheme for use in the European Rail Traffic Management System (ERTMS). Its aim is to simplify key management and improve cross-border operations through hierarchical partitioning. The current scheme used in ERTMS involves the creation and distribution of 3DES keys to train and trackside entities, which are then used as part of the Euro Radio Protocol to provide message authentication. This results in the distribution of tens of thousands of keys using portable media, a prohibitively high burden on management and resourcing. We present a symmetric key solution, TRAKS, which has the benefit of being backwards compatible with the current ERTMS standard and being post-quantum secure. This new scheme reduces the number of cryptographic keys in circulation, and maintains the current security model. We achieve this by dynamically deriving unique keys from a shared secret, i.e. the line secret, which is combined with IDs of trains, and of signalling equipment. In addition to providing better key management, our scheme also adds authentication to the location data provided by EuroBalises.",

keywords = "Hash functions and message authentication codes, Authorization, Mobile and wireless security, Security and privacy",

author = "Richard Thomas and Mihai Ordean and Tom Chothia and {De Ruiter}, Joeri",

note = "ACM New York, NY, USA {\textcopyright}2017 ISBN: 978-1-4503-5345-8 ; 33rd Annual Computer Security Applications Conference (ACSAC 2017) ; Conference date: 04-12-2017 Through 08-12-2017",

year = "2017",

month = dec,

day = "4",

doi = "10.1145/3134600.3134631",

language = "English",

pages = "327--338",

booktitle = "ACSAC 2017 Proceedings of the 33rd Annual Computer Security Applications Conference",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

}

Thomas, R , Ordean, M , Chothia, T & De Ruiter, J 2017, TRAKS: A Universal Key Management Scheme for ERTMS. in ACSAC 2017 Proceedings of the 33rd Annual Computer Security Applications Conference. Association for Computing Machinery (ACM), pp. 327-338, 33rd Annual Computer Security Applications Conference (ACSAC 2017), Orlando, Florida, United States, 4/12/17. https://doi.org/10.1145/3134600.3134631

TY - GEN

T1 - TRAKS: A Universal Key Management Scheme for ERTMS

AU - Thomas, Richard

AU - Ordean, Mihai

AU - Chothia, Tom

AU - De Ruiter, Joeri

PY - 2017/12/4

Y1 - 2017/12/4

N2 - This paper presents a new Key Management and Distribution Scheme for use in the European Rail Traffic Management System (ERTMS). Its aim is to simplify key management and improve cross-border operations through hierarchical partitioning. The current scheme used in ERTMS involves the creation and distribution of 3DES keys to train and trackside entities, which are then used as part of the Euro Radio Protocol to provide message authentication. This results in the distribution of tens of thousands of keys using portable media, a prohibitively high burden on management and resourcing. We present a symmetric key solution, TRAKS, which has the benefit of being backwards compatible with the current ERTMS standard and being post-quantum secure. This new scheme reduces the number of cryptographic keys in circulation, and maintains the current security model. We achieve this by dynamically deriving unique keys from a shared secret, i.e. the line secret, which is combined with IDs of trains, and of signalling equipment. In addition to providing better key management, our scheme also adds authentication to the location data provided by EuroBalises.

AB - This paper presents a new Key Management and Distribution Scheme for use in the European Rail Traffic Management System (ERTMS). Its aim is to simplify key management and improve cross-border operations through hierarchical partitioning. The current scheme used in ERTMS involves the creation and distribution of 3DES keys to train and trackside entities, which are then used as part of the Euro Radio Protocol to provide message authentication. This results in the distribution of tens of thousands of keys using portable media, a prohibitively high burden on management and resourcing. We present a symmetric key solution, TRAKS, which has the benefit of being backwards compatible with the current ERTMS standard and being post-quantum secure. This new scheme reduces the number of cryptographic keys in circulation, and maintains the current security model. We achieve this by dynamically deriving unique keys from a shared secret, i.e. the line secret, which is combined with IDs of trains, and of signalling equipment. In addition to providing better key management, our scheme also adds authentication to the location data provided by EuroBalises.

KW - Hash functions and message authentication codes

KW - Authorization

KW - Mobile and wireless security

KW - Security and privacy

U2 - 10.1145/3134600.3134631

DO - 10.1145/3134600.3134631

M3 - Conference contribution

SP - 327

EP - 338

BT - ACSAC 2017 Proceedings of the 33rd Annual Computer Security Applications Conference

PB - Association for Computing Machinery (ACM)

T2 - 33rd Annual Computer Security Applications Conference (ACSAC 2017)

Y2 - 4 December 2017 through 8 December 2017

ER -

TRAKS: A Universal Key Management Scheme for ERTMS

Abstract

Conference

Bibliographical note

Keywords

Access to Document

Fingerprint

Projects

SCEPTICS: A SystematiC Evaluation Process for Threats to Industrial Control Systems

Cite this