Zezhou Wang, Xiang Liu, Yongxin Wang, Chaitanya Yavvari, Matthew Jablonski, D. Wijesekera, B. Sykes, Keith Holt
Title: Cyber Security Analysis for Advanced Train Control System (ATCS) in CTC Systems: Concepts and Methods
Published in: 2019 Joint Rail Conference
Publication date: 2019-07-18
DOI: 10.1115/JRC2019-1236 (https://doi.org/10.1115/JRC2019-1236)
Citations: 1
Abstract
Advanced Train Control System (ATCS) is a proprietary network protocol that expands the functionality and efficiency of Centralized Traffic Control (CTC) systems, by using radio communications (radio code line) for message delivery. However, end-to-end cyber security issues were not considered during initial design of ATCS in the 1980s. Meanwhile, the landscape of cyber-physical threats and vulnerabilities has changed dramatically over the last three decades. Even though cutting-edge systems like Positive Train Control (PTC) have adopted security properties such as integrity check and encryption methods, major railroads in North America still deploy legacy ATCS standards to maintain their individual CTC system.
This paper first illustrated the background and general specifications of ATCS applications in North American railroads. The research team has noticed that few studies have systematically analyzed this topic since the emergence of ATCS, though its applications are still prevailing in the industry. Divided by both vital and non-vital operational scenarios, this paper presented case studies for ATCS-related vulnerabilities. We used a sender-receiver sequencing-based analysis and proposed a consequence-based simulation model to identify and further evaluate the cyber and physical risks under potential cyber-attacks. For the identified risk, the paper evaluated the likelihood based on the practical operational sequences, and recommended potential countermeasures for the industry to improve the security over the specific case. The research concluded that the fail-safe design in the ATCS systems would prevent the exploitation of known security vulnerabilities which could result in unsafe train movements. However, the service disruptions under certain speculated attacks need further evaluation. At the end of this paper, we discussed our ongoing work for disruption evaluation in the wake of successful cyber attacks.