More Web Proxy on the site http://driver.im/

research-article

Signal Jamming Attacks Against Communication-Based Train Control: Attack Impact and Countermeasure

Authors:

Subhash Lakshminarayana,

Jabir Shabbir Karachiwala,

Sang-Yoon Chang,

Girish Revadigar,

Sristi Lakshmi Sravana Kumar,

David K.Y. Yau,

Yih-Chun HuAuthors Info & Claims

WiSec '18: Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks

Pages 160 - 171

https://doi.org/10.1145/3212480.3212500

Published: 18 June 2018 Publication History

Abstract

We study the impact of signal jamming attacks against the communication based train control (CBTC) systems and develop the countermeasures to limit the attacks' impact. CBTC supports the train operation automation and moving-block signaling, which improves the transport efficiency. We consider an attacker jamming the wireless communication between the trains or the train to wayside access point, which can disable CBTC and the corresponding benefits. In contrast to prior work studying jamming only at the physical or link layer, we study the real impact of such attacks on end users, namely train journey time and passenger congestion. Our analysis employs a detailed model of leaky medium-based communication system (leaky waveguide or leaky feeder/coaxial cable) popularly used in CBTC systems. To counteract the jamming attacks, we develop a mitigation approach based on frequency hopping spread spectrum taking into account domain-specific structure of the leaky-medium CBTC systems. Specifically, compared with existing implementations of FHSS, we apply FHSS not only between the transmitter-receiver pair but also at the track-side repeaters. To demonstrate the feasibility of implementing this technology in CBTC systems, we develop a FHSS repeater prototype using software-defined radios on both leaky-medium and open-air (free-wave) channels. We perform extensive simulations driven by realistic running profiles of trains and real-world passenger data to provide insights into the jamming attack's impact and the effectiveness of the proposed countermeasure.

References

[1]

2015. Officials: Rogue Boston subway train was tampered with. (2015). http://wapo.st/2zo78PU.

[2]

2015. Rail companies to be fined for late-running services. (2015). http://bit.ly/2iCikTh.

[3]

2016. Confirmation of a coordinated attack on the Ukrainian power grid. (2016). http://bit.ly/10mxfnG.

[4]

2016. 'Rogue train' to blame for signal interference, disruptions on circle line. (2016). http://bit.ly/2yzXIlq.

[5]

2016. Singapore Downton line signalling. (2016). https://tinyurl.com/yacucyoe.

[6]

2016. UK rail network attacked by hackers four times in a year. (2016). http://ind.pn/29x1NGX.

[7]

2017. Ettus research USRP software defined radio products. (2017). https://www.ettus.com/.

[8]

2017. GNU radio free and open software radio ecosystem. (2017). https://www.gnuradio.org/.

[9]

2017. Signalling system firm Thales apologises for Joo Koon train collision; assures commuters that its system is safe. (2017). http://bit.ly/2hYKiIH.

[10]

2017 (accessed). GSM-R. (2017 (accessed)). https://uic.org/gsm-r.

[11]

2017 (accessed). TETRA. (2017 (accessed)). http://www.etsi.org/technologies-clusters/technologies/tetra.

[12]

American Public Transportation Association (APTA). 2014. Cybersecurity considerations for public transit. Recommended Practice ATPA-SS-ECS-RP-001-14 (2014).

[13]

T. Basar. 1983. The Gaussian test channel with an intelligent jammer. IEEE Trans. Inf. Theory 29, 1 (Jan 1983), 152--157.

Digital Library

[14]

S-Y. Chang, S. Cai, H. Seo, and Y-C. Hu. 2016. Key update at train stations: Two-layer dynamic key update scheme for secure train communications. In Proc. EAI international conference on security and privacy in communication networks (SecureComm).

[15]

S-Y. Chang, Y-C. Hu, and N. Laurenti. 2012. SimpleMAC: A Jamming-resilient MAC-layer protocol for wireless channel coordination. In Proc. International Conference on Mobile Computing and Networking (Mobicom). 77--88.

Digital Library

[16]

S-Y. Chang, B. A. N. Tran, Y-C. Hu, and D. L.Jones. 2015. Jamming with power boost: Leaky waveguide vulnerability in train systems. In Proc. IEEE International Conference on Parallel and Distributed Systems (ICPADS). 37--43.

Digital Library

[17]

V. Deniau. 2014. Overview of the European project security of railways in Europe against electromagnetic attacks (SECRET). IEEE Electrmagn. Compat. 3, 4 (2014), 80--85.

[18]

J. Farooq and J. Soler. 2017. Radio Communication for Communications-Based Train Control (CBTC): A Tutorial and Survey. IEEE Communications Surveys Tutorials 19, 3 (2017), 1377--1402.

[19]

K. Firouzbakht, G. Noubir, and M. Salehi. 2012. On the capacity of rate-adaptive packetized wireless communication links under jamming. In Proc. ACM Conference on Security and Privacy in Wireless and Mobile Networks (WISEC). 3--14.

Digital Library

[20]

M. Hartong, R. Goel, and D. Wijesekera. 2006. Key management requirements for positive train control communications security. In Proc. IEEE/ASME Joint Rail Conference. 253--262.

[21]

Degauque P. Duhot D. Heddbaut, M. and J. Mainardi. 1990. I.A.G.O.: Command Control Link Using Coded Waveguide. Journal of Transportation Engineering 116, 4 (July 1990), 427--435.

[22]

M. Heddebaut. 2009. Leaky waveguide for train-to-wayside communication-based train control. IEEE Trans. Veh. Technol. 58, 3 (March 2009), 1068--1076.

[23]

M. Heddebaut. 2009. Leaky Waveguide for Train-to-Wayside Communication-Based Train Control. Vehicular Technology, IEEE Transactions on 58, 3 (March 2009), 1068--1076.

[24]

S. Karnouskos. 2011. Stuxnet worm impact on industrial cyber-physical system security. In Conf. IEEE Industrial Electronics Society.

[25]

T. Kawakami, T. Maruhama, T. Takeya, and S. Kohno. 1959. Waveguide communication system for centralized railway traffic control. IRE Transactions on Vehicular Communications 13, 1 (Sep 1959), 1--18.

[26]

S. Lakshminarayana, Z. T. Teo, R. Tan, D.K. Y. Yau, and P. Arboleya. 2016. On false data injection attacks against railway traction power systems. In Proc. IEEE/IFIP International conference on dependable systems and networks (DSN). 383--394.

[27]

R. Pickholtz, D. Schilling, and L. Milstein. 1982. Theory of spread-spectrum communications--A tutorial. IEEE Trans. Commun. (May 1982), 855--884.

[28]

Alan F. Rumsey and Sue Cox. 2012. So who really needs a "Fall-back" signaling system with communications-based train control?. In APTA Rail Conference.

[29]

M. Simon, J. Omura, R. Scholtz, and B. Levitt. 1994. Spread spectrum communications handbook. McGraw-Hill: New York.

Digital Library

[30]

M. Strasser, S. Capkun, C. Popper, and M. Cagalj. 2008. Jamming-resistant key establishment using uncoordinated frequency hopping. Proc. IEEE Symposium on Security and Privacy (May 2008), 64--78.

Digital Library

[31]

T. D. Vo-Huu, T. D. Vo-Huu, and G. Noubir. 2016. Interleaving jamming in Wi-Fi networks. In Proc. ACM conference on security & Privacy in Wireless and Mobile Networks (WiSec). 31--42.

Digital Library

[32]

Hongwei Wang, F.R. Yu, Li Zhu, Tao Tang, and Bin Ning. 2013. Modeling of Communication-Based Train Control (CBTC) Radio Channel With Leaky Waveguide. Antennas and Wireless Propagation Letters, IEEE 12 (2013), 1061--1064.

[33]

H. Wang, F. R. Yu, L. Zhu, T. Tang, and B. Ning. 2015. A cognitive control approach to communication-based train control systems. IEEE Trans. Intell. Transp. Syst. 16, 4 (Aug 2015), 1676--1689.

[34]

Y. Wang, B. De Schutter, T. van den Boom, and B. Ning. 2013. Optimal trajectory planning for trains under a moving block signaling system. In European Control Conference (ECC). 4556--4561.

[35]

D. Zhang, J. Zhao, F. Zhang, and T. He. 2015. UrbanCPS: A Cyber-physical system based on multi-source big infrastructure data for heterogeneous model integration. In Proc. ACM/IEEE ICCPS. 238--247.

Digital Library

[36]

N. Zhao, C. Roberts, S. Hillmansen, and G. Nicholson. 2015. A multiple train trajectory optimization to minimize energy consumption and delay. IEEE Trans. Intell. Transp. Syst. 16, 5 (Oct 2015), 2363--2372.

[37]

Y. Zhao and P. Ioannou. 2015. Positive train control with dynamic headway based on an active communication system. IEEE Trans. Intell. Transp. Syst. 16, 6 (Dec 2015), 3095--3103.

[38]

L. Zhu, F. R. Yu, B. Ning, and T. Tang. 2014. Communication-based train control (CBTC) systems with cooperative relaying: Design and performance analysis. IEEE Trans. Veh. Technol. 63, 5 (Jun 2014), 2162--2172.

Cited By

Purification SKim JKim JChang S(2024)Fake Base Station Detection and Link Routing DefenseElectronics10.3390/electronics1317347413:17(3474)Online publication date: 1-Sep-2024
https://doi.org/10.3390/electronics13173474
Li PNiu YWu HHan ZWang YWang NZhong ZAi B(2024)Scheduling of Millimeter Wave Communications for Ultra-High-Speed Vacuum Tube TrainIEEE Transactions on Vehicular Technology10.1109/TVT.2024.335257273:6(8184-8196)Online publication date: Jun-2024
https://doi.org/10.1109/TVT.2024.3352572
Dabbaghzadeh HFalahati ASanandaji N(2024)CBTC Security and Reliability Enhancements by a Key-Based Direct Sequence Spread Spectrum TechniqueIEEE Transactions on Intelligent Transportation Systems10.1109/TITS.2023.331226625:1(159-172)Online publication date: Jan-2024
https://doi.org/10.1109/TITS.2023.3312266
Show More Cited By

Recommendations

A Game-Theoretic Approach to Secure Control of Communication-Based Train Control Systems Under Jamming Attacks
SCAV'17: Proceedings of the 1st International Workshop on Safe Control of Connected and Autonomous Vehicles

To meet the growing railway-transportation demand, a new train control system, communication-based train control (CBTC) system, aims to maximize the ability of train lines by reducing the headway of each train. However, the wireless communications ...
Simulation testbed for railway infrastructure security and resilience evaluation
HotSoS '20: Proceedings of the 7th Symposium on Hot Topics in the Science of Security

The last decade has seen an influx of digital connectivity, operation automation, and remote sensing and control mechanisms in the railway domain. The management of the railway operations through the use of distributed sensors and controllers and with ...
An Attack Against Message Authentication in the ERTMS Train to Trackside Communication Protocols
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

This paper presents the results of a cryptographic analysis of the protocols used by the European Rail Traffic Management System (ERTMS). A stack of three protocols secures the communication between trains and trackside equipment; encrypted radio ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

WiSec '18: Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks

June 2018

317 pages

ISBN:9781450357319

DOI:10.1145/3212480

General Chair:
Panos Papadimitratos
KTH, Sweden
,
Program Chairs:
Kevin Butler
University of Florida, USA
,
Christina Pöpper
New York University Abu Dhabi, UAE

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

In-Cooperation

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 June 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

WiSec '18

Sponsor:

SIGSAC

WiSec '18: 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks

June 18 - 20, 2018

Stockholm, Sweden

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

24
Total Citations
View Citations
293
Total Downloads

Downloads (Last 12 months)53
Downloads (Last 6 weeks)4

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Purification SKim JKim JChang S(2024)Fake Base Station Detection and Link Routing DefenseElectronics10.3390/electronics1317347413:17(3474)Online publication date: 1-Sep-2024
https://doi.org/10.3390/electronics13173474
Li PNiu YWu HHan ZWang YWang NZhong ZAi B(2024)Scheduling of Millimeter Wave Communications for Ultra-High-Speed Vacuum Tube TrainIEEE Transactions on Vehicular Technology10.1109/TVT.2024.335257273:6(8184-8196)Online publication date: Jun-2024
https://doi.org/10.1109/TVT.2024.3352572
Dabbaghzadeh HFalahati ASanandaji N(2024)CBTC Security and Reliability Enhancements by a Key-Based Direct Sequence Spread Spectrum TechniqueIEEE Transactions on Intelligent Transportation Systems10.1109/TITS.2023.331226625:1(159-172)Online publication date: Jan-2024
https://doi.org/10.1109/TITS.2023.3312266
Alotaibi B(2023)A Survey on Industrial Internet of Things Security: Requirements, Attacks, AI-Based Solutions, and Edge Computing OpportunitiesSensors10.3390/s2317747023:17(7470)Online publication date: 28-Aug-2023
https://doi.org/10.3390/s23177470
Bouzidi MAmro ADalveren YAlaya Cheikh FDerawi M(2023)LPWAN Cyber Security Risk Analysis: Building a Secure IQRF SolutionSensors10.3390/s2304207823:4(2078)Online publication date: 12-Feb-2023
https://doi.org/10.3390/s23042078
Liang HZhu LYu FWang X(2023)A Cross-Layer Defense Method for Blockchain Empowered CBTC Systems Against Data Tampering AttacksIEEE Transactions on Intelligent Transportation Systems10.1109/TITS.2022.321102024:1(501-515)Online publication date: Jan-2023
https://doi.org/10.1109/TITS.2022.3211020
Fakhereldine AZulkernine MMurdock D(2023)TrainSec: A Simulation Framework for Security Modeling and Evaluation in CBTC NetworksReliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification10.1007/978-3-031-43366-5_2(22-39)Online publication date: 27-Sep-2023
https://doi.org/10.1007/978-3-031-43366-5_2
Sthapit SLakshminarayana SHe LEpiphaniou GMaple C(2022)Reinforcement Learning for Security-Aware Computation Offloading in Satellite NetworksIEEE Internet of Things Journal10.1109/JIOT.2021.31356329:14(12351-12363)Online publication date: 15-Jul-2022
https://doi.org/10.1109/JIOT.2021.3135632
Sharma GSherif EHe MBoiten E(2022)Analysis of Cyber-Attacks for Modern Digital Railway System Using Cyber Range2022 IEEE Conference on Interdisciplinary Approaches in Technology and Management for Social Innovation (IATMSI)10.1109/IATMSI56455.2022.10119321(1-6)Online publication date: 21-Dec-2022
https://doi.org/10.1109/IATMSI56455.2022.10119321
Kim SPark KLu C(2022)A Survey on Network Security for Cyber–Physical Systems: From Threats to Resilient DesignIEEE Communications Surveys & Tutorials10.1109/COMST.2022.318753124:3(1534-1573)Online publication date: Nov-2023
https://doi.org/10.1109/COMST.2022.3187531
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents