TRAKS: A Universal Key Management Scheme for ERTMS

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Standard

TRAKS: A Universal Key Management Scheme for ERTMS. / Thomas, Richard; Ordean, Mihai; Chothia, Tom; De Ruiter, Joeri.

ACSAC 2017 Proceedings of the 33rd Annual Computer Security Applications Conference. Association for Computing Machinery (ACM), 2017. p. 327-338.

Harvard

Thomas, R, Ordean, M, Chothia, T & De Ruiter, J 2017, TRAKS: A Universal Key Management Scheme for ERTMS. in ACSAC 2017 Proceedings of the 33rd Annual Computer Security Applications Conference. Association for Computing Machinery (ACM), pp. 327-338, 33rd Annual Computer Security Applications Conference (ACSAC 2017), Orlando, Florida, United States, 4/12/17. https://doi.org/10.1145/3134600.3134631

APA

Thomas, R., Ordean, M., Chothia, T., & De Ruiter, J. (2017). TRAKS: A Universal Key Management Scheme for ERTMS. In ACSAC 2017 Proceedings of the 33rd Annual Computer Security Applications Conference (pp. 327-338). Association for Computing Machinery (ACM). https://doi.org/10.1145/3134600.3134631

Vancouver

Thomas R, Ordean M, Chothia T, De Ruiter J. TRAKS: A Universal Key Management Scheme for ERTMS. In ACSAC 2017 Proceedings of the 33rd Annual Computer Security Applications Conference. Association for Computing Machinery (ACM). 2017. p. 327-338 https://doi.org/10.1145/3134600.3134631

Author

Thomas, Richard ; Ordean, Mihai ; Chothia, Tom ; De Ruiter, Joeri. / TRAKS: A Universal Key Management Scheme for ERTMS. ACSAC 2017 Proceedings of the 33rd Annual Computer Security Applications Conference. Association for Computing Machinery (ACM), 2017. pp. 327-338

Bibtex

@inproceedings{92094d01993f40c09100d34a9a0cd999,
title = "TRAKS: A Universal Key Management Scheme for ERTMS",
abstract = "This paper presents a new Key Management and Distribution Scheme for use in the European Rail Traffic Management System (ERTMS). Its aim is to simplify key management and improve cross-border operations through hierarchical partitioning. The current scheme used in ERTMS involves the creation and distribution of 3DES keys to train and trackside entities, which are then used as part of the Euro Radio Protocol to provide message authentication. This results in the distribution of tens of thousands of keys using portable media, a prohibitively high burden on management and resourcing. We present a symmetric key solution, TRAKS, which has the benefit of being backwards compatible with the current ERTMS standard and being post-quantum secure. This new scheme reduces the number of cryptographic keys in circulation, and maintains the current security model. We achieve this by dynamically deriving unique keys from a shared secret, i.e. the line secret, which is combined with IDs of trains, and of signalling equipment. In addition to providing better key management, our scheme also adds authentication to the location data provided by EuroBalises.",
keywords = "Hash functions and message authentication codes, Authorization, Mobile and wireless security, Security and privacy",
author = "Richard Thomas and Mihai Ordean and Tom Chothia and {De Ruiter}, Joeri",
note = "ACM New York, NY, USA {\textcopyright}2017 ISBN: 978-1-4503-5345-8 ; 33rd Annual Computer Security Applications Conference (ACSAC 2017) ; Conference date: 04-12-2017 Through 08-12-2017",
year = "2017",
month = dec,
day = "4",
doi = "10.1145/3134600.3134631",
language = "English",
pages = "327--338",
booktitle = "ACSAC 2017 Proceedings of the 33rd Annual Computer Security Applications Conference",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}

RIS

TY - GEN

T1 - TRAKS: A Universal Key Management Scheme for ERTMS

AU - Thomas, Richard

AU - Ordean, Mihai

AU - Chothia, Tom

AU - De Ruiter, Joeri

N1 - ACM New York, NY, USA ©2017 ISBN: 978-1-4503-5345-8

PY - 2017/12/4

Y1 - 2017/12/4

N2 - This paper presents a new Key Management and Distribution Scheme for use in the European Rail Traffic Management System (ERTMS). Its aim is to simplify key management and improve cross-border operations through hierarchical partitioning. The current scheme used in ERTMS involves the creation and distribution of 3DES keys to train and trackside entities, which are then used as part of the Euro Radio Protocol to provide message authentication. This results in the distribution of tens of thousands of keys using portable media, a prohibitively high burden on management and resourcing. We present a symmetric key solution, TRAKS, which has the benefit of being backwards compatible with the current ERTMS standard and being post-quantum secure. This new scheme reduces the number of cryptographic keys in circulation, and maintains the current security model. We achieve this by dynamically deriving unique keys from a shared secret, i.e. the line secret, which is combined with IDs of trains, and of signalling equipment. In addition to providing better key management, our scheme also adds authentication to the location data provided by EuroBalises.

AB - This paper presents a new Key Management and Distribution Scheme for use in the European Rail Traffic Management System (ERTMS). Its aim is to simplify key management and improve cross-border operations through hierarchical partitioning. The current scheme used in ERTMS involves the creation and distribution of 3DES keys to train and trackside entities, which are then used as part of the Euro Radio Protocol to provide message authentication. This results in the distribution of tens of thousands of keys using portable media, a prohibitively high burden on management and resourcing. We present a symmetric key solution, TRAKS, which has the benefit of being backwards compatible with the current ERTMS standard and being post-quantum secure. This new scheme reduces the number of cryptographic keys in circulation, and maintains the current security model. We achieve this by dynamically deriving unique keys from a shared secret, i.e. the line secret, which is combined with IDs of trains, and of signalling equipment. In addition to providing better key management, our scheme also adds authentication to the location data provided by EuroBalises.

KW - Hash functions and message authentication codes

KW - Authorization

KW - Mobile and wireless security

KW - Security and privacy

U2 - 10.1145/3134600.3134631

DO - 10.1145/3134600.3134631

M3 - Conference contribution

SP - 327

EP - 338

BT - ACSAC 2017 Proceedings of the 33rd Annual Computer Security Applications Conference

PB - Association for Computing Machinery (ACM)

T2 - 33rd Annual Computer Security Applications Conference (ACSAC 2017)

Y2 - 4 December 2017 through 8 December 2017

ER -