Key Management in the Rail Sector
The future of mobility is marked by change. New technologies, increasing prosperity and growing populations demand and promote change. At the same time, limited resources and the resulting energy and climate protection targets provide the framework within which these changes can take place.
The mobility focus is on goals such as a primarily greenhouse gas-neutral and environmentally friendly transport system for both passenger and freight traffic. In Germany, the expansion of rail traffic and its digitalisation (Schiene 4.0), including both inner-city and nationwide rail traffic, plays a decisive role in the attainment of these goals.
The railroad infrastructure is long-lasting and consequently leads to a very fragmented technology landscape. Systems cover thousands of kilometers and are interoperable across borders. The safety of both railroad operations and passengers has the highest priority. The expansion of rail transport poses enormous challenges for railroad operators, German federal states and municipalities – and increasing digitalization and the associated transformation hold many opportunities, but also harbor risks.
Transport systems are critical infrastructures. The complexity and the increasing networking of communication increase vulnerability to cyber attacks. As the Cyber Threat Report 2019 shows, 49% of all hacker attacks are state-controlled, while only 5% are attributable to cyber terrorists. The targets of these hacker groups include above all governments and the defense sector, which shows a dramatic shift in attack targets. Our critical infrastructures must therefore be protected at both national and global levels, and this development must be taken into account in all mobility issues – particularly in rail transport – to ensure the security and safety of people and freight transport.
Communication encryption requires key management, which is a critical component within the world of cybersecurity since it allows secure communication between two or more devices. Certificates and keys enable both the authentication of communication partners and the encrypted exchange of information between the communicating components.
A wide variety of systems and devices communicate with each other in rail transport. The identification and authentication of the devices involved and the protection of the information transmitted between them are of paramount importance, and data encryption is an absolutely essential protection mechanism.
One current use case is the European Rail Traffic Management System (ERTMS), which is currently being introduced. It will be a significant factor in the modern control of trans-European rail traffic. An essential component of the system is the train control system (European Train Control System / ETCS). ETCS enables fast, Europe-wide train connections, and Thales played a vital role in its standardization. ETCS prevents each train from exceeding its maximum speed, enabling maximum use to be made of the line and ensuring functional safety and security at the same time. The basis for the ETCS is the communication between the trains running on the tracks – or, more specifically, between the OnBoard Units (OBUs) integrated into the trains – and the “ETCS line centers” (Radio Block Centers / RBCs) along the routes. This communication is secured by a “key management system” (Key Management Center / KMC). The KMC generates, manages and distributes the necessary keys for secure communication between the OBUs and RBCs. Key management thus plays a vital role in ensuring the security of rail operations.
The complete supply of the electronic keys required for communication along the entire route must be ensured before the journey starts. Key sovereignty lies with the national infrastructure manager. Thales Germany has been offering security expertise for several years now, including in the transport market. For example, the KMC4ETCS key management system covers the relevant requirements of ETCS standardization, and it is flexible and expandable in its field of applications. However, key management is not limited to mainline rail traffic alone – the use of the new standard is also planned in the urban rail sector, i.e. in trams and subways.
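The requirement that every key for the route be in place before departure can be checked mechanically. The following is an added example, not code from Thales or KMC4ETCS: it assumes each key is bound to one OBU/RBC pair and carries a validity window, and the record layout, identifiers and times are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class KeyRecord:
    """Hypothetical record of one key installed on an OBU (assumed layout)."""
    obu_id: str
    rbc_id: str
    valid_from: datetime
    valid_until: datetime

def check_route(obu_id, route, installed):
    """Return (rbc_id, reason) for every RBC on the route that lacks usable key material.

    route is a list of (rbc_id, planned_entry, planned_exit) tuples.
    An empty result means the key supply is complete for the whole journey.
    """
    gaps = []
    for rbc_id, entry, exit_ in route:
        # Only keys issued for exactly this OBU/RBC pair count.
        keys = [k for k in installed if k.obu_id == obu_id and k.rbc_id == rbc_id]
        if not keys:
            gaps.append((rbc_id, "no key installed"))
        elif not any(k.valid_from <= entry and exit_ <= k.valid_until for k in keys):
            # A key that expires while the train is inside the RBC area
            # is treated as a gap, not as coverage.
            gaps.append((rbc_id, "no key valid for whole transit"))
    return gaps

# Constructed sample data: three RBC areas crossed on 1 January 2024.
D = lambda h, m=0: datetime(2024, 1, 1, h, m)
ROUTE = [("RBC-A", D(8), D(9)), ("RBC-B", D(9), D(10, 30)), ("RBC-C", D(10, 30), D(11))]
INSTALLED = [
    KeyRecord("OBU-1", "RBC-A", datetime(2023, 12, 1), datetime(2024, 2, 1)),
    KeyRecord("OBU-1", "RBC-B", datetime(2023, 12, 1), D(10)),  # expires mid-transit
    KeyRecord("OBU-2", "RBC-C", datetime(2023, 12, 1), datetime(2024, 2, 1)),  # other train
]

if __name__ == "__main__":
    for rbc, reason in check_route("OBU-1", ROUTE, INSTALLED):
        print(f"departure blocked: {rbc}: {reason}")
```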
First part of the interview series on the use of key management systems in rail traffic. Interview with Michael Kälber, cryptology expert at Thales Germany.
Second part of the interview series on the use of key management systems in rail traffic. Interview with Harini Bakuri, system architect at Thales Germany, and with Michael Kälber, expert for cryptology at Thales Germany.