Data Integrity Threats and Countermeasures in Railway Spot Transmission Systems
This addresses security risks in railway systems, which could impact train safety and operations, but is incremental as it builds on existing standards and methods.
The paper tackles data integrity threats in railway balise transmission systems, which are vulnerable to cyber attacks, and proposes a two-layer solution with device-level cryptography and a system-level secure speed controller, demonstrating effectiveness through simulation.
Modern trains rely on balises (communication beacons) located on the track to provide location information as they traverse a rail network. Balises, such as those conforming to the Eurobalise standard, were not designed with security in mind and are thus vulnerable to cyber attacks targeting data availability, integrity, or authenticity. In this work, we discuss data integrity threats to balise transmission modules and use high-fidelity simulation to study the risks posed by data integrity attacks. To mitigate such risk, we propose a practical two-layer solution: at the device level, we design a lightweight and low-cost cryptographic solution to protect the integrity of the location information; at the system layer, we devise a secure hybrid train speed controller to mitigate the impact under various attacks. Our simulation results demonstrate the effectiveness of our proposed solutions.