TRAKS: A Universal Key Management Scheme for ERTMS
Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
External organisations
- Radboud University, Nijmegen, The Netherlands
Abstract
This paper presents a new key management and distribution scheme for use in the European Rail Traffic Management System (ERTMS). Its aim is to simplify key management and improve cross-border operations through hierarchical partitioning. The current scheme used in ERTMS involves the creation and distribution of 3DES keys to train and trackside entities, which are then used as part of the EuroRadio protocol to provide message authentication. This results in the distribution of tens of thousands of keys using portable media, a prohibitively high burden on management and resourcing. We present a symmetric-key solution, TRAKS, which has the benefit of being backwards compatible with the current ERTMS standard and of being post-quantum secure. This new scheme reduces the number of cryptographic keys in circulation and maintains the current security model. We achieve this by dynamically deriving unique keys from a shared secret, i.e. the line secret, which is combined with the IDs of trains and of signalling equipment. In addition to providing better key management, our scheme also adds authentication to the location data provided by EuroBalises.
Bibliographic note
ACM New York, NY, USA ©2017 ISBN: 978-1-4503-5345-8
Details
Field | Value |
---|---|
Original language | English |
Title of host publication | ACSAC 2017: Proceedings of the 33rd Annual Computer Security Applications Conference |
Publication status | Published - 4 Dec 2017 |
Event | 33rd Annual Computer Security Applications Conference (ACSAC 2017), Orlando, Florida, United States; duration: 4 Dec 2017 → 8 Dec 2017 |
Conference
Field | Value |
---|---|
Conference | 33rd Annual Computer Security Applications Conference (ACSAC 2017) |
Country | United States |
City | Orlando, Florida |
Period | 4/12/17 → 8/12/17 |
Keywords
- Hash functions and message authentication codes
- Authorization
- Mobile and wireless security
- Security and privacy