ERA conference - European Union Agency for Railways ETCS... · ERA conference ERTMS Users Group FA...

Post on 30-Jun-2018


ERA conference ERTMS Users Group

FA 12-11-2013


Part 1: New functions : GPRS & carrier independent solutions Part 2: Key management & system security

Part 1: ETCS communications Part 2: Secure ETCS communications 12-11-2013

EEIG ERTMS Users Group presentation at CCRCC

Part 1: ETCS communications

Part 2: Secure ETCS communications

ETCS over GPRS KMS Evolution

ERT: Euroradio Replacement Technology


Part 1 / Best Possible Next Step

Best Possible Next Step = ETCS over GPRS

Best Possible Future Aim: Euroradio Replacement Technology


The activity aims at developing ETCS over GPRS specifications and demonstrating the suitability of a packet switching technology, such as GPRS, as a transmission system for ETCS. The ETCS over GPRS specifications will be developed with the aim to achieve a bearer independent system, and the interface description with the communication system in order to allow the data transmission over a packet switched technology, such as GPRS, while maintaining the current capabilities (transmission over a circuit switched technology – GSM-R).

EUROPEAN COMMISSION DECISION C(2012) 6939 about ETCS over GPRS


ETCS over GPRS – Status today

[Figure: test roadmap. Phases: Testing Phase 1, Testing Phase 2, Testing Phase 3, Testing Phase 4. Boxes: GPRS LAB; GPRS FIELD; ETCS over GPRS LAB; ETCS over GPRS FIELD Conventional speed; ETCS over GPRS FIELD – High speed; ETCS over GPRS FIELD – Cross border. A "Development" arrow and a "TODAY" marker are shown.]

ETCS over GPRS - Development status today

[Figure labels: ETCS GPRS; Project; 11E017-1 ETCS over GPRS principles and functional requirements; GPRS for ETCS Engineering Requirements; O-2475; Subset 026; Subset 037; Subset 092; Subset 093; FFFIS for Euroradio.]

ETCS over GPRS - testing status today: Phase 1 test report under preparation. Successful transition from Phase 1 to Phase 2


ETCS over GPRS brings no principal changes

[Figure: Balise sending the order to do Service Registration; RESULT; Maximum time allowed for Service Registration. Balise sending the order to establish ETCS Session; RESULT; Maximum time allowed for establishing ETCS Session.]

Think of the DNS as a simple look-up table

ETCS ID of RBCs connected to that network    Corresponding IP address
101                                          255.255.255.001
102                                          255.255.255.002
103                                          255.255.255.003
104                                          255.255.255.004
105                                          255.255.255.005
106                                          255.255.255.006
…………………                                      255.255.255…….


Part 1 / Best Possible Next Step

Best Possible Next Step = ETCS over GPRS

Best Possible Future Aim: ETCS over any radio bearer


Part 1 / Best Possible Future Aim

Best Possible Next Step = ETCS over GPRS

Best Possible Future Aim: Euroradio Replacement Technology


The technology independence achieved with a mobile communications router could lead to more freedom and opportunities in future network ownership business models.


End of Part 1. Questions?


Part 2: Secure ETCS communications


Best Possible Next Step = KMS Evolution

Best Possible Future Aim = Euroradio Replacement Technology


Background of the KMS Evolution activity

MAP2012: Facilitating and speeding up ERTMS deployment - 2nd phase / Activity 8 Key Management systems

Sub Activity 8.1: KMS security analysis and recommendations

Sub Activity 8.2: KMS Evolution

The work has resulted in a report that covers not only KMS security but also ERTMS security in general. To download the public report, go to: ertms.be

[Figure: timeline 2012, 2013, 2014, 2015 with a "TODAY" marker; labelled items: KMS Evolution Strategy, KMS Evolution FRS+ORS, KMS Evolution SRS.]

ETCS security report

• Management Summary of

– Results

– Overview of Threat Identification, Risk Analysis and Recommendations

• Threat Identification Reference Case

• Appendices, e.g.:

– Hacker terminology/Cybercrime

– Introduction to symmetric encryption technologies


ETCS Security Reference Case


ETCS Security Recommendations

• Governance

– Policies, procedures, guidelines and roles on secure life cycle management of all ERTMS related equipment

– Minimize manual handling of cryptographic material

– Apply transition from a safety mindset to a safety and security mindset

• People

– ERTMS security awareness training

• Process

– Incident response procedures

– Access control, system monitoring, system verification

– Business Continuity and Disaster Recovery

• Technology

– System hardening

    • Correct system patching

    • Remove functionality that is not needed

    • Disable unnecessary services

    • Limit user rights to what they need

    • Antivirus protection


Background of the KMS Evolution activity

[Figure: recommendations arranged under Governance, Technology, People and Process, with the legend "Security recommendations directly related to KMS Evolution". Recommendations shown:]

2. ERTMS security awareness training

29. Specify secure remote access

39. Implement balise authentication?

12. Draft disaster recovery plans

13. Ensure generic physical protection

14. Periodically check track for malicious components

15. Implement monitoring of OBU/RBC log files

21. Periodical GSM-R coverage check

22. Draft procedures in case of jamming

24. Draft logical access procedures

26. Implement system security monitoring

OKMS

Universal IP family security infrastructure


Best Possible Future Aim = Euroradio Replacement Technology

Best Possible Next Step = KMS Evolution


ERT


End of Part 2. Questions?


Thank you for your attention
