Research on the safety of the communication link of the Radio Based Cab Signaling system

Size: px

Start display at page:

Download "Research on the safety of the communication link of the Radio Based Cab Signaling system"

Lindsey Juliet McCoy
5 years ago
Views:

1 Research on the safety of the communication link of the Radio Based Cab Signaling system C. Li, Y. Zhang, J. Wang & H. Wang Automation Research Institute of Transportation Science & Technology, Beijing Jiaotong University, P. R. China Abstract The Communication Based Train Control (CBTC) system is the development trend of railway signaling. The Chinese railway has made a strategy to develop the Chinese Train Control System (CTCS), which is divided into 5 levels (from level 0 to level 4). In level 3 and level 4, CBTC based on GSM-R network will be realized. Chinese railway is now developing the Radio Based Cab Signaling (RBCS) system as the first attempt on CBTC. Preliminary field tests of the approaching continuous RBCS based on a commercial radio data transceiver have been finished with satisfactory results. This year, a long and exhaustive test of GSM-R based RBCS will be carried out on the pilot project of the Qinghai- Tibet railway. Because the vital data related to operation safety is transmitted in the open communication network, it is easy to be modified or attacked maliciously. Therefore, data transmission safety is a vital factor to be considered in GSM-R based RBCS. This paper will focus on the data transmission safety in the GSM-R based RBCS, primarily about the cryptographic techniques and key management. words: Radio Based Cab Signaling, cipher algorithm, key management system, data transmission, safety. 1 Introduction With railway transportation developing towards high speed, informationization and networking, Communication Based Train Control (CBTC) is becoming the development trend of Chinese railway signaling. The Ministry of Railway (MOR) has made a strategy to develop Chinese Train Control System (CTCS),

2 518 Computers in Railways IX which is divided into 5 levels (from level 0 to level 4). In level 3 and level 4, CBTC based on GSM-R will be realized. Chinese railway is now developing RBCS as the first attempt on CBTC. RBCS transmits control information by means of radio. It consists of two parts: the Station Control Center (SCC) and the Onboard Equipment (OBE). RBCS can use either commercial radio data transceiver or GSM-R as the transmission media. The background to the development of RBCS is the construction of Qinghai- Tibet Railway [1]. Because of the special geographical and climate condition of Qinghai-Tibet Railway, the working stability and routine maintenance of track circuit will encounter many difficulties. So it is necessary to use radio to transmit control data to achieve two purposes. One purpose is to form a close-looped control by the bi-directional -station communication; another is to lower the maintenance cost by greatly reducing the trackside equipment. Preliminary field test of the approaching continuous RBCS based on commercial radio data transceiver has been finished with satisfactory results. Now the approaching continuous GSM-R based RBCS is under development, whose working principle can be briefly described as following. When a enters the effective working area of RBCS, the onboard equipment will apply for registration to the SCC. Upon receiving the registration information, the SCC will collect the cab signal information related to that from the station interlocking, and send it to the. After receiving the cab signal information, the onboard equipment will indicate the cab signal to the driver and relay it to the ATP onboard equipment. At the same time, position and speed, the return receipt of cab signal and so on will be sent back to the SCC in order to check out the correctness of the transmitted information. When the exits the RBCS effective working area, it will be deregistered by the SCC. Because the cab signal information related to operation safety is transmitted through the open GSM-R network, it is easy to be modified and attacked maliciously. So communication safety must be considered in GSM-R based RBCS. According to the characteristic of RBCS, this paper puts forward the implementation of the cipher techniques and key management system in the information transmission of RBCS system. 2 Cipher techniques Because of the opening of radio communication, it is necessary to encrypt the control information. In this paper, the Data Encryption Standard (DES) in Cipher Block Chaining (CBC) mode is adopted. 2.1 Data Encryption Standard (DES) DES is a symmetric algorithm, which means that the same algorithm is adopted for encryption and decryption (except the different sequences of cryptographic

3 Computers in Railways IX 519 keys). The plain text block length, the cipher text block length and the key length are all 64 bits. The algorithm of DES is public, so the safety of system totally depends on the confidentiality of key. The block diagram of the algorithm is shown in Figure 1 [3]. K(64bits) X(64bits) DES Y=DES K(X) (64bits ) Figure 1: DES block diagram. 2.2 Cipher Block Chaining (CBC) In the CBS mode, the previous cipher text block is fed back and added to the current plain text block. Figure 2 shows how CBC works. That is Y i = E K (X i +Y i-1 ) (E -- Encryption) Therefore Y i = E K (X i + E K (X i-1 +Y i-2 )) = E K (X i + E K (X i-1 + E K (X i-2 +Y i-3 ))) = The decryption is also simple. D K (Y i ) +Y i-1 = D K (E K (X i +Y i-1 )) +Y i-1 = X i +Y i-1 +Y i-1 = X i (D --Decryption) Note: the initialization vector Y 0 should be set to zero. K Transmission K Yi + Encrypion Decryption + Yi-1 Yi-1 Figure 2: Structure of cipher block chaining.

4 520 Computers in Railways IX 2.3 Implementation of the cipher technique in RBCS In the implementation of the abovementioned cipher technique in RBCS system, the block length is 64 bits. The original telegram is padded with zeros so as to produce a telegram whose length is an exact multiple of 64 bits. The bits used for padding will not be transmitted. A triple-encryption algorithm is adopted with the aim to enhance the safety of data transmission. The length of key k is 192 bits, which is divided into three 64-bit keys k 1,k 2,k 3. Some of these keys are used for encrypting each bit of the message, with the aim to protect data confidentiality; other keys are used for generating Message Authentication Code (MAC) that is put at the end of the message, with the aim to protect data authenticity and integrity. To these two kinds of keys, there are two corresponding algorithms [4]. Transmission Encryption Decryption k1 k2 k3 k3 k2 k1 Yi + EDES DDES EDES DDES EDES DDES + Yi Yi-1 Yi-1 Figure 3: Block diagram of message encryption Message encryption The block diagram of message encryption is shown in Figure 3. E K (X) =EDES K3 (DDES K2 (EDES K1 (X))) D K (X) =DDES K1 (EDES K2 (DDES K3 (X))) Where EDES stands for DES Encryption,and DDES for DES Decryption). After the message in the GSM-R based RBCS is encrypted, the format of the transmitted message is as following: Header Called address Calling address Message length Encrypted message Footer Message authentication code The block diagram of MAC is shown in Figure 4. Let message X be constituted by the 64-bit blocks X 1,X 2,,X q L i =EDES K1 (X i +L i-1 )

5 Computers in Railways IX 521 N i =EDES K3 (DDES K2 (EDES K1 (X i +L i-1 ))) i=1, 2,, q The MAC of message X is equal to N q. The received message will be computed to generate MAC in the receiving end. If the MAC is equal to MAC that is sent from the sending end, the message is accepted; otherwise, the message is regarded as invalid and rejected. K1 K2 K3 + Li Mi EDES DDES EDES Ni Li-1 Figure 4: Block diagram of MAC. After the MAC is generated, the format of the transmitted message with MAC is as following: Header Called address Calling address Message length Message MAC Footer 3 Implementation of key management system in RBCS In the data transmission of RBCS, it is necessary to adopt effective and simple cipher algorithms. However, the confidentiality of encryption system depends on the confidentiality of keys. Therefore, key management is a critical part of safety of radio transmission. management deals with the problems during the whole process from key generation to key deletion. It is difficult to design a safe cipher algorithm, while it is more difficult for key management. In this section, the network structure, system structure and working flow of key management system in RBCS will be introduced. The implementation of key management in GSM-R based RBCS will be explained in detail. 3.1 Network structure of key management system (KMS) The network structure of KMS in RBCS is shown in Figure 5. OBE, SCC and Distribution Center (KDC) communicate with each other. OBE and SCC exchange control information through GSM-R network; the key used for the communication is the KMAC key. The KDC communicates with OBE in order to distribute the KMAC key through GSM-R; the encrypted key used for the communication is KTRANS key. The KDC communicates with SCC in order

6 522 Computers in Railways IX to distribute the KMAC key through the fixed network; the encrypted key used for the communication is the KTRANS key. KDC generates the Base KMAC and the Encryption KTRANS. Firstly, the KDC distributes Encryption KTRANS to OBE and SCC. Secondly, it distributes Base KMAC protected by Encryption KTRANS. Base KMAC and Encryption KTRANS will be stored in the interface as shown in Figure 5. When OBE and SCC communicate with each other, encryption and decryption of control information is finished in the interface. OBE Onboard Computer SCC Station Computer Interface Interface Mobile Terminal KMAC Fixed network KTRANS KDC KTRANS Figure 5: Network structure of KMS. KRA(1) KDC(1) KRA(2) KDC(2) KVA(1,1) KVA(1,2) KVA(2,1) SCC(1,1) SCC(1,2) SCC(1,3) SCC(2,4) up down (KDC Distribution Center (KVA KMAC Validity Area KRA KDC Responsibility Area) SCC Station Control Center) Figure 6: Example of system structure of KMS. 3.2 System Structure of KMS An example of KMS of RBCS is shown in Figure 6. Each will have a communication key (KMAC key) per KVA. This communication key will enable the to communicate with all the SCCs from the KVA. So a will need

7 Computers in Railways IX 523 three KMAC keys to pass through three KVAs. A SCC will have permanently one KMAC key for each that might come into its own KVA. 3.3 Workflow of KMS The workflow of KMS in RBCS is shown in Figure 7. Generation Distribution Changing Recovery Update normal operation Deletion Figure 7: Workflow of KMS in RBCS Generation KDC generates the necessary keys during the normal operation of the system. There are three kinds of keys: Base key KMAC Dedicated for a pair of users for a long time. The KMAC keys are used to protect the authenticity and the data integrity of control information between OBE and SCC Session key KSMAC Used for data exchange between two communication entities only once. The function of session keys is to avoid the frequent change of the base keys. The session keys KSMAC is generated from base keys KMAC, under the agreement between the communication entities and having nothing to do with KDC, with the aim to protect the integrity of communication between OBE and SCC. The session is only effective during each communicating, and will be deleted when the communication is finished encryption key KTRANS and K-KDC Used for encryption when transmitting the base keys. When KDC transmits base key KMAC to OBE and SCC, it uses KTRANS to protect the authentication, integrity and confidentiality of KMAC keys. When different KDCs need to communicate with each other in order to distribute keys, the keys K-KDC are used to protect the distributed keys.

8 524 Computers in Railways IX Distribution Distribution will be necessary in the following cases: initialization, change, update after being lost and outdate. There are three kinds of distributed keys: Distribution of KTRANS key The key of each entity of a KRA is controlled by its own KDC. This KDC will be responsible for distributing a secret key KTRANS to each and each SCC of its KRA Distribution of K-KDC key If different KDCs are going to communicate through an open network, they must use secret keys K-KDC in order to protect their communications Distribution of KMAC key The distribution of the KMAC keys will be finished in two steps: (1) Distribution of the own KMAC keys An own KMAC keys is a key between and SCC of the same KRA. This KDC is responsible to distribute keys for its s and SCCs. The own KMAC keys are transferred with the help of the KTRANS keys. (2) Distribution of the foreign KMAC keys The distribution of the KMAC key related to the SCCs of KRA(i) and the s of KRA(j i) will be done as following: firstly, the KDC(i) of KRA(i) creates the key KMAC and transmits it to the KDC (j). Secondly, the KDC(i) transmits the key KMAC to its own SCCs. Finally, the KDC (j) transmits the key KMAC to the s usage in normal operation Use keys to deal with the normal cipher operation, such as encryption, decryption and MAC generation changing, key recovery and key update When key peculation happens, it is necessary to change key; when keys are lost but not leaked, it is possible to recover the keys from the backup; when keys are outdate, it is possible to update the old keys with new keys. In all the above cases it is necessary to distribute the keys again Deletion For the keys that will never be used, all copies of them should be deleted permanently. 4 Conclusion Considering the communication safety of GSM-R based RBCS, a triple cipher algorithm of DES in CBS mode is proposed in this paper. The running time of the triple DES is about 100 µs on normal microprocessor [5], causing little overhead on the response time of RBCS. This paper also analyzes the structure

9 Computers in Railways IX 525 of key management system, with emphasis on the structure and workflow of KMS. This year, field test of GSM-R based RBCS will be carried out on the pilot project of Qinghai-Tibet railway, providing a good chance to evaluate the implementation of the cipher algorithms and KMS proposed in this paper. References [1] Wang Junfeng, Zhang Yong et al., Research on the Radio Based Cab Signalling System used for Qinghai-Tibet Railway, Journal of Railways, Vol.24, No.3, pp , [2] Wang Yumin, Liu Jianwei, Safety of communication network, dian University Press, pp , [3] UIC/ERRI A200, ETCS EURORADIO Sub-System Requirement Specification, Version 03.00, [4] UIC/ERRI A200, Management Functional Interface Specification, Version , [5] Li Chao, Zhang Yong, Using C8051F020 to Implement Error-Correcting Control for Data Transmission in Radio Based Cab Signaling System, Journal of Tianjin University suppl., No.1, 2004.

KMC-ETCS Entity Off-line KM FIS

ERTMS/ETCS KMC-ETCS Entity Off-line KM FIS REF : ISSUE: 110 DATE : 17-12-2015 Company Technical Approval Management approval ALSTOM ANSALDO AZD BOMBARDIER CAF SIEMENS THALES 110 KMC-ETCS Entity Off-line