Securing the Future Railway System: Technology Forecast, Security Measures, and Research Demands
Abstract
:1. Introduction
2. Related Work
3. Technology Forecast
- Literature research and discussions within the project team.
- Workshops with an expert team stemming from railway operators, railway manufacturers, and academia.
- An exchange between the project and expert teams.
- Finding features of the railway system that fall into the categories shown in Figure 1; and
- Identifying future technologies that will be available until 2050 and could be integrated into the railway system.
3.1. Goal 1: Sufficient Completeness
3.2. Goal 2: Mutual Validation
3.3. Use Cases
4. Attack Graphs
- Financial damage to the operator, an individual, or a customer;
- Reputation damage to the operator, manufacturer, or an individual;
- Violation of laws and regulations;
- Violation of privacy;
- Infringement of property;
- Restriction of a critical service;
- Provoke chaos;
- Market manipulation;
- Obstruction of justice;
- Violation of physical integrity.
4.1. Refinement of Attacks
4.2. Risk Assessment
4.3. Countermeasures
4.4. Outcome
5. Results and Discussion
5.1. Upcoming Threats to the Future Railway System, Inducing Research Demands
5.2. Countermeasures with a Further Need for Research or Standardization
- A.
- The technology is in an early development or research state, meaning that there is, at most, a laboratory experiment (TRL 1–4).
- B.
- First prototypes of the technology exist (TRL 5–7).
- C.
- The technology is well-known and used; there is no need for further standardization or research (TRL 8–9).
5.2.1. Prevention and Responsiveness
5.2.2. Environment Monitoring
5.2.3. Security against Physical Attacks
5.2.4. Data Protection and Privacy
5.2.5. Resilience against Jamming
5.2.6. Robustness of Machine Learning
6. Conclusions and Future Work
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
Abbreviations
AI | artificial intelligence |
ATO | automatic train operation |
BCM | business continuity management |
CBTC | communication-based train control |
CI | critical infrastructure |
COTS | commercial off-the-shelf |
DAC | digital automatic coupling |
DoS | denial-of-service |
ETCS | European Train Control System |
FOS | fiber optic sensing |
FRMCS | Future Railway Mobile Communication System |
GDPR | General Data Protection Regulation |
GNSS | Global Navigation Satellite System |
GPS | global positioning system |
IoT | Internet of Things |
M2M | machine-to-machine |
ML | machine learning |
NFC | near-field communication |
OT | operational technology |
PETs | privacy-enhancing technologies |
PII | personally identifiable information |
PUF | physically unclonable function |
RBC | Radio Block Centre |
RIM | railway infrastructure manager |
TPM | trusted platform module |
TRL | technology readiness level |
V2I | vehicle-to-infrastructure |
V2V | vehicle-to-vehicle |
References
- Redaktions Netzwerk Deutschland. Ein Drittel Mehr Kapazität bei der Deutschen Bahn-so Soll es Klappen. Available online: https://www.rnd.de/wirtschaft/ein-drittel-mehr-kapazitat-bei-der-deutschen-bahn-so-soll-es-klappen-X6M3WDPHKVIEFVMDHIIOQAXOZU.html (accessed on 11 July 2023).
- Rebhan, C. Obwohl Regierung Mehr für Klimaschutz Tun Will: Erst 2022 Gibt der Bund Mehr Geld Für Schienen Aus Als Für Straßen. Available online: https://www.businessinsider.de/politik/deutschland/obwohl-regierung-mehr-fuer-klimaschutz-tun-will-erst-2022-gibt-der-bund-mehr-geld-fuer-schienen-aus-als-fuer-strassen/ (accessed on 11 July 2023).
- Iffländer, L.; Buder, T.; Loreth, T.; Villota, M.A.; Schmitz, W.; Neubecker, K.A.; Pickl, S. Physical Attacks on the Railway System. arXiv 2023, arXiv:2306.00623. [Google Scholar]
- Slivkova, S.; Michalcova, L. Identification and Classification of Soft Targets in Railway Infrastructure. In Proceedings of the TRANSBALTICA XIII: Transportation Science and Technology; Prentkovskis, O., Yatskiv (Jackiva), I., Skačkauskas, P., Maruschak, P., Karpenko, M., Eds.; Springer International Publishing: Cham, Switzerland, 2023; pp. 667–676. [Google Scholar]
- Wang, Y.; Zhang, M.; Ma, J.; Zhou, X. Survey on Driverless Train Operation for Urban Rail Transit Systems. Urban Rail Transit 2016, 2, 106–113. [Google Scholar] [CrossRef]
- Keevill, D. Implications of Increasing Grade of Automation; American Public Transportation Association: Washington, DC, USA, 2017. [Google Scholar]
- Wunsch, S.; Lehnert, M.; Krimmling, J.; Easton, J. Datenformate, Datenmodelle und Datenkonzepte für den Eisenbahnbetrieb; Der Eisenbahningenieur; Eurailpress: Frankfurt am Main, Germany, 2016. [Google Scholar]
- Schmit, M.; Kerth, S.; Sinnecker, G.; Walther, G. Modernisierung des deutschen Eisenbahnnetzes durch Digitalisierung und ETCS-Ausrüstung; Verband Deutscher Verkehrsunternehmen e.V. (VDV): Berlin, Germany, 2018. [Google Scholar]
- Liu, Y.; Yuan, L. Research on Train Control System Based on Train to Train Communication. In Proceedings of the 2018 International Conference on Intelligent Rail Transportation (ICIRT), Singapore, 12–14 December 2018; pp. 1–5. [Google Scholar] [CrossRef]
- Toussaint, C. Einsatz von Drohnen im Bahnbereich; Der Eisenbahningenieur; Eurailpress: Frankfurt am Main, Germany, 2021. [Google Scholar]
- Schmid, G.; Sendlhofer, G.; Lexhaller, M. Robortik im Gleisbau; Der Eisenbahningenieur; Eurailpress: Frankfurt am Main, Germany, 2019. [Google Scholar]
- Chew, T.; Luebkeman, C.; Morrell, M.; Goulding, L. Future of Rail 2050; Arup: London, UK, 2019. [Google Scholar]
- Leining, M.; Schubert, M.; Heinrich, M.; Katzenbeisser, S.; Unger, S.; Krauß, C.; Scheuermann, D. Prognose Securitybedarf und Bewertung möglicher Sicherheitskonzepte; Teil 1: Technologieprognose; Deutsches Zentrum für Schienenverkehrsforschung beim Eisenbahn-Bundesamt: Dresden, Germany, 2022. [Google Scholar] [CrossRef]
- Eyben, F.; Wöllmer, M.; Poitschke, T.; Schuller, B.; Blaschke, C.; Färber, B.; Nguyen-Thien, N. Emotion on the Road: Necessity, Acceptance, and Feasibility of Affective Computing in the Car. Adv. Hum.-Comp. Int. 2010, 2010, 263593. [Google Scholar] [CrossRef]
- Costa, P.; Vasalou, A.; Pitt, J.; Dias, T.; Falcão e Cunha, J. The Railway Blues: Affective Interaction for Personalised Transport Experiences; ACM: New York, NY, USA, 2013. [Google Scholar] [CrossRef]
- Unger, S.; Arzoglou, E.; Heinrich, M.; Scheuermann, D.; Katzenbeisser, S. Risk Assessment Graphs: Utilizing Attack Graphs for Risk Assessment. arXiv 2023, arXiv:2307.14114. [Google Scholar]
- Heinrich, M.; Iffländer, L. Softwaregestützte Bedrohungsanalyse durch Angriffsgraphen. Signal Draht 2022, 5, 28–34. [Google Scholar]
- DIN VDE V 0831-104:2015-10, Elektrische Bahn-Signalanlagen - Teil 104: Leitfaden für die IT-Sicherheit auf Grundlage IEC 62443. Available online: https://www.din.de/de/mitwirken/normenausschuesse/dke/veroeffentlichungen/wdc-beuth:din21:234969038 (accessed on 27 July 2023).
- International Electrotechnical Commission. IEC 62443: Industrial Communication Networks—Network and System Security. Available online: https://webstore.iec.ch/preview/info_iec62443-3-3%7Bed1.0%7Den.pdf (accessed on 27 July 2023).
- Huang, L.; Joseph, A.D.; Nelson, B.; Rubinstein, B.I.; Tygar, J.D. Adversarial Machine Learning. In Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence, Chicago, IL, USA, 21 October 2011; Association for Computing Machinery: New York, NY, USA, 2011; pp. 43–58. [Google Scholar] [CrossRef]
- National Aeronautics and Space Administration. Technology Readiness Level. 2019. Available online: https://www.nasa.gov/directorates/heo/scan/engineering/technology/technology_readiness_level (accessed on 22 September 2023).
- Schildt, H. BSI IT-Grundschutz-Compendium Edition 2022; Technical Report; Bundesamt für Sicherheit und Informationstechnik: Berlin, Germany, 2022. [Google Scholar]
- BSI. Konkretisierung der Anforderungen an die Gemäß § 8a Absatz 1 BSIG Umzusetzenden Maßnahmen; Technical Report; Bundesamt für Sicherheit und Informationstechnik: Berlin, Germany, 2020. [Google Scholar]
- Reznik, L. Malware and Vulnerabilities Detection and Protection. In Intelligent Security Systems: How Artificial Intelligence, Machine Learning and Data Science Work For and Against Computer Security; Wiley: Hoboken, NJ, USA, 2022; pp. 177–246. [Google Scholar] [CrossRef]
- Ali, J.A.; Nasir, Q.; Dweiri, F.T. Business Continuity Management Framework of Internet of Things (IoT). In Proceedings of the 2019 Advances in Science and Engineering Technology International Conferences (ASET), Dubai, United Arab Emirates, 26 March–10 April 2019; pp. 1–7. [Google Scholar] [CrossRef]
- ISO 22301:2019; Security and Resilience—Business Continuity Management Systems—Requirements 2019. International Organization for Standardization: Geneva, Switzerland, 2019.
- Johari, R.; Kaur, I.; Tripathi, R.; Gupta, K. Penetration Testing in IoT Network. In Proceedings of the 2020 5th International Conference on Computing, Communication and Security (ICCCS), Patna, India, 14–16 October 2020; pp. 1–7. [Google Scholar] [CrossRef]
- Heinrich, M.; Gölz, A.; Arul, T.; Katzenbeisser, S. Rule-based anomaly detection for railway signalling networks. Int. J. Crit. Infrastruct. Prot. 2023, 42, 100603. [Google Scholar] [CrossRef]
- McParland, C.; Peisert, S.; Scaglione, A. Monitoring Security of Networked Control Systems: It’s the Physics. IEEE Secur. Priv. 2014, 12, 32–39. [Google Scholar] [CrossRef]
- Maffei, M. Formal Methods for the Security Analysis of Smart Contracts. In Proceedings of the 2021 Formal Methods in Computer Aided Design (FMCAD), New Haven, CT, USA, 19–22 October 2021; pp. 1–2. [Google Scholar] [CrossRef]
- Banks, A.S.; Kisiel, M.; Korsholm, P. Remote attestation: A literature review. arXiv 2021, arXiv:2105.02466. [Google Scholar]
- Du, C.; Dutta, S.; Kurup, P.; Yu, T.; Wang, X. A review of railway infrastructure monitoring using fiber optic sensors. Sens. Actuators A Phys. 2020, 303, 111728. [Google Scholar] [CrossRef]
- Maes, R.; Verbauwhede, I. Physically unclonable functions: A study on the state of the art and future research directions. In Towards Hardware-Intrinsic Security: Foundations and Practice; Spring: Berlin/Heidelberg, Germany, 2010; pp. 3–37. [Google Scholar]
- Gao, Y.; Al-Sarawi, S.F.; Abbott, D. Physical unclonable functions. Nat. Electron. 2020, 3, 81–91. [Google Scholar] [CrossRef]
- Heinrich, M.; Vateva-Gurova, T.; Arul, T.; Katzenbeisser, S.; Suri, N.; Birkholz, H.; Fuchs, A.; Krauß, C.; Zhdanova, M.; Kuzhiyelil, D.; et al. Security Requirements Engineering in Safety-Critical Railway Signalling Networks. Secur. Commun. Netw. 2019, 2019, 1–14. [Google Scholar] [CrossRef]
- Heinrich, M.; Renkel, D.; Arul, T.; Katzenbeisser, S. Predicting Railway Signalling Commands using Neural Networks for Anomaly Detection. In Proceedings of the International Conference on Computer Safety, Reliability, and Security, Lisbon, Portugal, 16–18 September 2020; Springer: Berlin/Heidelberg, Germany, 2020. [Google Scholar] [CrossRef]
- D’Acquisto, G.; Domingo-Ferrer, J.; Kikiras, P.; Torra, V.; de Montjoye, Y.A.; Bourka, A. Privacy by design in big data: An overview of privacy enhancing technologies in the era of big data analytics. arXiv 2015, arXiv:1512.06000. [Google Scholar]
- Kaaniche, N.; Laurent, M.; Belguith, S. Privacy enhancing technologies for solving the privacy-personalization paradox: Taxonomy and survey. J. Netw. Comput. Appl. 2020, 171, 102807. [Google Scholar] [CrossRef]
- Heurix, J.; Zimmermann, P.; Neubauer, T.; Fenz, S. A taxonomy for privacy enhancing technologies. Comput. Secur. 2015, 53, 1–17. [Google Scholar] [CrossRef]
- Heydt-Benjamin, T.S.; Chae, H.J.; Defend, B.; Fu, K. Privacy for public transportation. In Proceedings of the Privacy Enhancing Technologies: 6th International Workshop, PET 2006, Cambridge, UK, 28–30 June 2006; Revised Selected Papers 6. Springer: Berlin/Heidelberg, Germany, 2006; pp. 1–19. [Google Scholar]
- López-Aguilar, P.; Batista, E.; Martínez-Ballesté, A.; Solanas, A. Information Security and Privacy in Railway Transportation: A Systematic Review. Sensors 2022, 22, 7698. [Google Scholar] [CrossRef] [PubMed]
- Álvarez, A.; Trapero, R.; Guilhot, D.; García-Mila, I.; Hernandez, F.; Marín-Tordera, E.; Forne, J.; Masip-Bruin, X.; Suri, N.; Heinrich, M.; et al. CIPSEC-Enhancing Critical Infrastructure Protection with Innovative Security Framework. In River Publishers Series in Security and Digital Forensics; Challenges in Cybersecurity and Privacy–the European Research Landscape; River Publishers: Aalborg, Denmark, 2019; Chapter 7; pp. 129–148. [Google Scholar] [CrossRef]
- Khan, S.A.; Malik, S.A. Adaptive beamforming algorithms for anti-jamming. Int. J. Signal Process. Image Process. Pattern Recognit. 2011, 4, 95–106. [Google Scholar]
- Yu, K.B.; Murrow, D.J. Adaptive digital beamforming for angle estimation in jamming. IEEE Trans. Aerosp. Electron. Syst. 2001, 37, 508–523. [Google Scholar]
- Kong, Z.; Yang, S.; Wang, D.; Hanzo, L. Robust beamforming and jamming for enhancing the physical layer security of full duplex radios. IEEE Trans. Inf. Forensics Secur. 2019, 14, 3151–3159. [Google Scholar] [CrossRef]
- Morgulis, N.; Kreines, A.; Mendelowitz, S.; Weisglass, Y. Fooling a real car with adversarial traffic signs. arXiv 2019, arXiv:1907.00374. [Google Scholar]
- Ntalampiras, S.; Misuraca, G.; Rossel, P. Artificial Intelligence and Cybersecurity Research; Technical Report; ENISA: Attiki, Greece, 2023. [Google Scholar] [CrossRef]
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Unger, S.; Heinrich, M.; Scheuermann, D.; Katzenbeisser, S.; Schubert, M.; Hagemann, L.; Iffländer, L. Securing the Future Railway System: Technology Forecast, Security Measures, and Research Demands. Vehicles 2023, 5, 1254-1274. https://doi.org/10.3390/vehicles5040069
Unger S, Heinrich M, Scheuermann D, Katzenbeisser S, Schubert M, Hagemann L, Iffländer L. Securing the Future Railway System: Technology Forecast, Security Measures, and Research Demands. Vehicles. 2023; 5(4):1254-1274. https://doi.org/10.3390/vehicles5040069
Chicago/Turabian StyleUnger, Simon, Markus Heinrich, Dirk Scheuermann, Stefan Katzenbeisser, Max Schubert, Leon Hagemann, and Lukas Iffländer. 2023. "Securing the Future Railway System: Technology Forecast, Security Measures, and Research Demands" Vehicles 5, no. 4: 1254-1274. https://doi.org/10.3390/vehicles5040069
APA StyleUnger, S., Heinrich, M., Scheuermann, D., Katzenbeisser, S., Schubert, M., Hagemann, L., & Iffländer, L. (2023). Securing the Future Railway System: Technology Forecast, Security Measures, and Research Demands. Vehicles, 5(4), 1254-1274. https://doi.org/10.3390/vehicles5040069