RESOURCEFUL RELIABLE RESPONSIBLE Computer Security Web Firewalls Viruses Passwords Internet Banking...
RESOURCEFUL RELIABLE RESPONSIBLE
Computer Security
Web
Firewalls
Viruses
Passwords
Internet Banking
Online Shopping
Privacy
Industrial Espionage
Hackers
Computer Security
Your Life
Computer Security As If Your Life Depended On It
Katherine Eastaughffe
OUTLINE
• Westinghouse Rail Systems – What do we do?
• Safety Critical Systems on the Railway
• How do we develop Safety Critical Systems?
• Where does Security fit in?
• Looking to the future
COMPANY OVERVIEW
• Company established in 1862
• Offices in Birmingham, Crawley, Croydon, Glasgow, Swanley, York, Beijing, Germany and Singapore, with HQ in Chippenham
• 1390 employees
• Part of Invensys Rail Systems (Australia, US and Spain)
WHAT IS OUR BUSINESS?
• Design, manufacture, installation, commissioning and maintenance of:
  – Railway signalling systems and equipment
  – Train control systems
  – Railway monitoring systems & control centres
• Supplying Main Line and Mass Transit operators in the UK, Europe and Far East
[Figure: system block diagram of the London Underground PPP resignalling (Westinghouse Brake and Signal Holdings Limited 2003; draft issue dated 15 May 2003, for information purposes only). It shows the train-borne equipment (ATP and ATO, APR reader and transponder, tachogenerator speed sensor, Doppler, driver's display and indications, train management system), the fixed communications unit and radio base stations with leaky feeder, the fixed block processor and local site computer in the signalling equipment room, the WESTRACE interlockings joined by fibre optic links with a dual running interface to the existing signalling (overlay system) and new interlockings in control (final system), the control centre and station management system (SMS), and the maintainer's control terminal including the operational data recorder. Key: automatic train protection equipment, automatic train operation equipment, interlocking equipment, automatic train supervision equipment, equipment supplied by others.]
LONDON’S PPP – PUBLIC PRIVATE PARTNERSHIP
• Westinghouse supplying resignalling projects to Metronet consortium through Bombardier
• Resignalling Victoria, District, Circle, Hammersmith, Metropolitan lines over 14 years (>1/2 of the Tube)
Victoria Line/SSL Resignalling Statistics
• ~ $850 million contract
• Resignalling of more than ½ of Tube
• 150 000 people enter the system each hour
• About 400 km of track
• About 160 stations
• Victoria line to provide > 30 trains per hour
• London Underground has 2.7 million passenger journeys/day
AUTOMATIC TRAIN CONTROL
[Figure: basic operation of automatic train control, showing the protection profile, line speed = 80 km/h, trackside equipment and location.]
Train Control Systems
• ERTMS (European Rail Traffic Management System)
  – To be deployed across Europe
• DTG-R (Distance To Go – Radio)
  – Aimed at Metro systems
  – To be deployed on London Underground
ERTMS
• Recommended by the Uff-Cullen Inquiry for Automatic Train Protection on UK Mainline railway
• Common specifications to which suppliers provide equipment
• Radio Block Centre derives and sends “movement authorities” to trains via a GSM-R radio system
• A movement authority specifies how far a train can travel along the route ahead
• Train-borne computer calculates a safe speed based on its received movement authority
DTG-R
• Processors send “Signalling States” from the interlocking to the train via a radio system
• Train-borne computer calculates a movement authority and from that a safe speed
What if something interferes with the data?
[Figure: the automatic train control diagram (protection profile, line speed = 80 km/h, trackside equipment, location, basic operation) with the effect of interference on the data, built up over several slides.]
How do we prove our systems are safe?
• Try and identify all the ways that something can go wrong
• Make sure we have ways for protecting against these threats
• We construct a Safety Case
• One part of the Safety Case for Automatic Train Control addresses the questions:
  – What can go wrong with messages sent from the trackside to trains (either accidentally or deliberately)?
  – How do we protect against failures of message transmission?
What may go wrong with messages?
• Repetition of Messages
• Deletion of Messages
• Insertion of Messages
• Resequencing of Messages
• Corruption of Messages
• Delay of Messages
• Masquerade of Messages
Repetition of Messages
• Due to failure of equipment, e.g. message buffer is not properly flushed
• Due to deliberate storage and replay of messages
• Sequence Numbers and Timestamps
Sequence Numbers
• Add a running number to each message exchanged between a transmitter and a receiver
• Receiver checks that number is within suitable range of number of previous message
• Suitable range means:
  – E.g. between 1 and 30 greater than previous number (modulo 255) for an 8 bit number
  – Suitable range depends on the expected frequency of transmission.
• This ensures a message in the specified range is no older than x seconds/minutes
• Except that if the message is really old, then it might be in range, because sequence numbers have gone right the way round!!
Timestamps
• Timestamps can plug the hole that the sequence numbering technique has
• Transmitter adds a timestamp to message
• Receiver checks that timestamp is within given tolerance of the timestamp of previous message
• Bandwidth may prevent timestamp being sent with all messages
• Need to be careful about the 1st message received from a transmitter – how do you know its clock is right and the message is not years old?
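Receiver-side sequence-number and timestamp checks as described on the Sequence Numbers and Timestamps slides, as an added example that is not from the presentation. It assumes an 8-bit running number counted modulo 256 (the slide quotes modulo 255; the window arithmetic is the same), a window of 1 to 30, whole-second timestamps and a 5 s tolerance, all constructed for the example; wraparound_demo shows the old replayed message that the sequence check alone lets through.

```python
from __future__ import annotations
from dataclasses import dataclass

SEQ_MODULUS = 256      # 8-bit running number; assumption: all values 0..255 used
SEQ_WINDOW = 30        # accept a number 1..30 ahead of the previous one
TIME_TOLERANCE_S = 5   # accept a timestamp at most 5 s after the previous one


@dataclass
class Message:
    seq: int          # running number added by the transmitter
    timestamp: int    # transmitter clock in whole seconds (constructed units)
    payload: str


def seq_in_window(prev: int, cur: int, window: int = SEQ_WINDOW,
                  modulus: int = SEQ_MODULUS) -> bool:
    """True if cur is 1..window ahead of prev, counting modulo `modulus`."""
    delta = (cur - prev) % modulus
    return 1 <= delta <= window


def time_in_tolerance(prev_ts: int, cur_ts: int,
                      tolerance: int = TIME_TOLERANCE_S) -> bool:
    """True if cur_ts is not earlier than prev_ts and not too far ahead of it."""
    return 0 <= cur_ts - prev_ts <= tolerance


class Receiver:
    """Keeps the last accepted message and applies the two freshness checks."""

    def __init__(self, first: Message):
        # The first message has nothing to be compared with; trusting its
        # number and clock is the caveat the Timestamps slide raises.
        self.last = first

    def accept(self, msg: Message, use_timestamps: bool = True) -> tuple[bool, str]:
        if not seq_in_window(self.last.seq, msg.seq):
            return False, "sequence number outside window"
        if use_timestamps and not time_in_tolerance(self.last.timestamp, msg.timestamp):
            return False, "timestamp outside tolerance"
        self.last = msg
        return True, "ok"


def wraparound_demo() -> tuple[bool, bool]:
    """Constructed scenario: a message recorded earlier is replayed after the
    sequence number has gone once round. Returns (accepted by the sequence
    check alone, accepted by sequence + timestamp checks)."""
    recorded = Message(seq=17, timestamp=1000, payload="movement authority 400 m")
    # State after 255 further messages at one per second: the last accepted
    # message carries seq 16 again, so seq 17 is back inside the window.
    state = Message(seq=16, timestamp=1255, payload="movement authority 600 m")
    ok_seq, _ = Receiver(state).accept(recorded, use_timestamps=False)
    ok_both, _ = Receiver(state).accept(recorded, use_timestamps=True)
    return ok_seq, ok_both
```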
Deletion of Messages
• May be the result of equipment failure
• Or Denial of Service attack
• Most likely source of disruption of message transmission
• Design the system to be “fail-safe” – if messages are not received it will not cause a hazard
• Timeout on receipt of messages. If a train does not receive any messages after a given period of time, braking will be applied
• In emergency situations, you may want to know that a message has been received, in which case there must be an acknowledgement
Insertion of Messages
• Due to cross-talk
• Due to deliberate insertion of messages
• Sequence numbers will protect against a large number of false messages because the sequence number is unlikely to be within the expected range
• Otherwise see masquerading of messages
Resequencing of Messages
• Messages received in different order to that transmitted
• Sequence Numbers and Timestamps
Corruption of Messages
• Accidental changes, e.g. from Electromagnetic Interference or collision of messages
• Deliberate changes
• Safety Codes
  – CRC (Cyclic Redundancy Codes)
  – Hash Codes
  – Cryptographic Block Codes (Message Authentication Code)
ERTMS – Encryption
• Uses a MAC – a function of the whole message and a secret key
• A private key for each train
• Block Cipher used is single DES with modified MAC algorithm 3
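The Safety Codes and ERTMS slides above contrast keyless codes with a keyed MAC; the following added example (not the presentation's or ERTMS's code) shows why a CRC detects interference but not a deliberate rewrite. It substitutes HMAC-SHA256 from the Python standard library for the DES-based MAC algorithm 3 the slide names, and the per-train key and the movement-authority message are constructed.

```python
from __future__ import annotations
import hashlib
import hmac
import struct
import zlib

TRAIN_KEY = b"constructed-per-train-secret-key"   # constructed; one key per train
TAG_LEN = 32                                      # HMAC-SHA256 output length


def crc_frame(payload: bytes) -> bytes:
    """Append a CRC-32 safety code: catches random bit errors, needs no key."""
    return payload + struct.pack(">I", zlib.crc32(payload))


def crc_check(frame: bytes) -> bool:
    payload, tag = frame[:-4], frame[-4:]
    return struct.pack(">I", zlib.crc32(payload)) == tag


def mac_frame(payload: bytes, key: bytes = TRAIN_KEY) -> bytes:
    """Append a keyed MAC over the whole message (HMAC-SHA256 stands in for
    the DES-based MAC the ERTMS slide mentions)."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def mac_check(frame: bytes, key: bytes = TRAIN_KEY) -> bool:
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)   # constant-time comparison


def flip_bit(frame: bytes, bit: int) -> bytes:
    """Model electromagnetic interference: invert one bit of the frame."""
    buf = bytearray(frame)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def demo() -> dict[str, bool]:
    """Constructed movement-authority message run through both checks."""
    ma = b"MA train=0042 distance=400m limit=80km/h"
    results = {}
    # Accidental corruption: a single flipped bit is caught by both codes.
    results["crc_detects_bit_flip"] = not crc_check(flip_bit(crc_frame(ma), 70))
    results["mac_detects_bit_flip"] = not mac_check(flip_bit(mac_frame(ma), 70))
    # Deliberate change: a CRC carries no secret, so a rewritten payload with a
    # freshly computed CRC is indistinguishable from a genuine one; the MAC
    # cannot be recomputed without the train's key, so the old tag no longer matches.
    altered = ma.replace(b"400m", b"900m")
    results["crc_accepts_rewritten"] = crc_check(crc_frame(altered))
    results["mac_rejects_rewritten"] = not mac_check(altered + mac_frame(ma)[-TAG_LEN:])
    return results
```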
Delay of Messages
• Timestamps
• Timeouts – if you don’t receive a message within a given period, enter a fail-safe state, that is, shut-down and apply braking
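A fail-safe watchdog combining the timeout from the Deletion of Messages slide with the stale-message check from the Delay of Messages slide, as an added example that is not from the presentation; the 3 s timeout, 1 s delay tolerance and message timings are constructed. Only messages that are both valid and fresh restart the timer, so a message delayed beyond tolerance is treated exactly like a missing one.

```python
from __future__ import annotations
from typing import Iterable, Tuple

TIMEOUT_S = 3.0          # constructed: longest gap the train may run without a valid message
DELAY_TOLERANCE_S = 1.0  # constructed: a message older than this on arrival is stale


class LinkWatchdog:
    """Train-borne watchdog: only fresh, valid messages restart the timer."""

    def __init__(self, now: float, timeout: float = TIMEOUT_S,
                 delay_tolerance: float = DELAY_TOLERANCE_S):
        self.timeout = timeout
        self.delay_tolerance = delay_tolerance
        self.last_valid = now
        self.braking = False

    def on_message(self, sent_at: float, received_at: float) -> bool:
        """Reject a delayed message if it is too old; return True if accepted."""
        if received_at - sent_at > self.delay_tolerance:
            return False          # stale data must not extend the timer
        self.last_valid = received_at
        return True

    def tick(self, now: float) -> str:
        """Periodic check. Missing data is treated as danger: brake and stay braked."""
        if now - self.last_valid > self.timeout:
            self.braking = True
        return "BRAKING" if self.braking else "RUNNING"


def simulate(messages: Iterable[Tuple[float, float]], end: float,
             step: float = 0.5) -> float | None:
    """Replay constructed (sent_at, received_at) pairs against a periodic tick.
    Returns the time at which braking was commanded, or None if it never was."""
    pending = sorted(messages, key=lambda m: m[1])
    dog = LinkWatchdog(now=0.0)
    for i in range(1, int(end / step) + 1):
        now = round(i * step, 6)
        while pending and pending[0][1] <= now:
            sent_at, received_at = pending.pop(0)
            dog.on_message(sent_at, received_at)
        if dog.tick(now) == "BRAKING":
            return now
    return None
```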
Masquerading of Messages
• Use of identifiers
• Use of cryptographic techniques
Security of Rail Networks
• Of course, there are easier ways of deliberately disrupting railways than spoofing/deleting messages from trackside to train
• Difficult to gain physical access to network
An Interesting Website
• www.atcsmon.com
• Allows you to graphically monitor train traffic on railroads that use the Association of American Railroad’s Advanced Train Control System (ATCS) Specification 200 protocol (among others)
• All you need is a radio scanner! That is when you’re not listening to the police, or baby monitors
Some other Security Issues
• Security of map data and software loaded into train control units
• Management of private keys for each train
• The future will involve satellite positioning systems (Galileo) and use of more and more COTS products, which increase the security risk
Summary
• Security issues can be safety issues too
• To get approval for systems, you have to show that you have considered threats from message integrity and protected against them
• Real applications for cryptographic techniques
Further Information
• www.westinghouserail.co.uk
• Railway Safety Standards
  – BS EN 50159: Railway Applications – Communication, Signalling and Processing Systems
• ERTMS Standards - www.aeif.org/ccm/doclist.asp
• Lots of information about Communications Systems for train control, US focussed, no future maintenance, www.tsd.org
• “Safeware: System Safety and Computers” by Nancy Leveson. Addison Wesley 1995
• IEE Website (Institute of Electrical Engineers) – www.iee.org
  – Railway Professional Network
  – Functional Safety Professional Network
WESTINGHOUSE RAIL SYSTEMS