Upload
others
View
20
Download
0
Embed Size (px)
Citation preview
Recommendations to railway domain issued
from SECRET project
Pierre Lambert (ALSTOM)
SECRET Project, Final Conference, 29th Oct. 2015 1
2 SECRET Project, Final Conference, 29th Oct. 2015
Introduction
Processing and Methodology • Capture from WP 1, 2, 3, 4
• Classification
Technical Presentation • Risk Assessment
• System Architecture
• On-board and Trackside
• Attack Detection
Decision Trees • Temporary Recommendations
Conclusions
3
WP 5 : Recommendations for a resilient
railway infrastructure to EM attacks
WP1: Threat analysis and risk
assessment of EM attack scenarios
WP2: Static
protection
WP3: Monitoring the EM
environment and EM detection WP4: Dynamic
protection
Technical Recommendations Capture
More than 40 recommendations
collected throughout the project
16 TecRec
5 TecRec 14 TecRec 8 TecRec
SECRET Project, Final Conference, 29th Oct. 2015
GENERAL : • Subject
• Description
• Involved Standard
TYPES : • Operational (process, methodology, railway application)
• EM Attack Detection (techniques and application)
• Engineering (design, architecture guidelines)
IMPLEMENTATION : • Permanent (preventive measure)
• Temporary (activated in case of attack detection)
4 SECRET Project, Final Conference, 29th Oct. 2015
Technical Recommendations
Outlining and Classification
5 SECRET Project, Final Conference, 29th Oct. 2015
Operational Recommendations
Methodology : WP1_TecRec_001 : Perform Risk management study
WP4_TecRec_002 : Ensure Interoperability of Risk Analysis Methods
WP4_TecRec_006 : Create Knowledge Repository based on ISO 27034
System Architecture - Application Standardization : WP1_TecRec_005 : Backup communication links (end-to-end)
WP4_TecRec_005 : Evaluate Architecture Features for Resilience
WP4_TecRec_007 : implement Radio Bearer Independence for ETCS
WP4_TecRec_008 : Implement ETCS over IP
WP4_TecRec_009 : Integrate Multi-vector Radio Communication in ETCS
Application & Signalling principles : WP1_TecRec_002 : Minimize train brake impact (lower train speed)
6 SECRET Project, Final Conference, 29th Oct. 2015
Risk Assessment
Line Categories Dedicated High-
Speed Line
High-Capacity
Line
Low-Capacity
Line
Urban Railways
Big Stations
Dedicated
Freight
Typical Speed
(km/h) 300 200 160 0 - 120 100
Traffic Type Passenger Passenger and
freight
Passenger and
freight Passenger Freight
Traffic Density
(trains /h
/direction)
15 8 (mixed traffic)
15 (passenger ) 2-10 30 Typically 12
Train/ jammer location
On-board the train Near the BTS
Between two BTSs
Along the track Near the BTS
Between two BTSs
7 SECRET Project, Final Conference, 29th Oct. 2015
System Architecture
Radio RX/TX
Techno 1
TRAIN ANTENNA AND FEEDER SYSTEM
Radio
RX/TX
Techno 1
ANTENNA COUPLING (OPTIONAL)
MULTI-VECTOR MANAGER
AND QoS MANAGER
…
IP MOBILITY and ROUTING
Radio
Jammer
Detector
Radio
Jammer
Detector
LAN PHYSICAL AND LOGICAL
SWITCHING SYSTEM
Operation and
Maintenance
Manager
…
TRAIN LAN INTERFACES
Subscriber
Identity
Module
Radio RX/TX
Techno 2
Radio
RX/TX
Techno 2
Mobile
Localizer
SECURITY
MANAGER
Radio RX/TX
Techno 1
RADIO COVERAGE (frequency and site planning)
Radio
RX/TX
Techno 1
ANTENNA AND FEEDER SUB-SYSTEM (dedicated or shared)
MULTI-VECTOR GATEWAY
SERVER AND QoS MANAGER
…
IP ROUTING
Radio
Jammer
Detector
Radio
Jammer
Detector
LAN PHYSICAL AND LOGICAL
SWITCHING SYSTEM
Netw
ork
Opera
tion a
nd M
ain
tenance
Managem
ent
Sys
tem
…
TRACKSIDE LAN INTERFACES
Subscriber
Database
Mgr
Radio RX/TX
Techno 2
Radio
RX/TX
Techno 2
Radio GW
Acc. Node
Radio GW
Acc. Node
SECURITY
MANAGER
&
Infra
Database
AIR INTERFACE ON-BOARD TRACKSIDE
Train antenna and network coverage
Multi-Vector IP communication over several technologies
Train mobile localizer
Jammer detector on-board & trackside (within security management)
MAJOR
RADIO
EVOLUTION
8 SECRET Project, Final Conference, 29th Oct. 2015
Engineering Recommendations I
Rolling Stock : WP1_TecRec_009 : Coach RF isolation
WP2_TecRec_001 : Enlarge the ground plane below the train antenna
WP2_TecRec_002 : Improve the shielding effect of the locomotive
WP2_TecRec_003 : Use RF double-shielded coaxial cables
WP2_TecRec_004 : Check if the locomotive vent holes are rightly sized
Train antenna : WP3_TecRec_003 : Switch of train radio (front & rear cab)
WP3_TecRec_005 : Switch electronically a quarter wave reflector
WP3_TecRec_006 : Antenna with managed diagram polarity
WP1_TecRec_010 : MiMo antenna for mobile station
Train Mobile Station : WP3_TecRec_002 : Increase temporarily the train Mobile output power
WP1_TecRec_004 : Send Mobile high power pulse signal
9 SECRET Project, Final Conference, 29th Oct. 2015
Rolling Stock & Train Antenna
Improve Train Shielding
Larger Antenna Ground Plane
Active Notch Antenna
Switch between Rear & Front
Cab Mobile Radio
(Passenger Trains)
MIMO Antenna
10 SECRET Project, Final Conference, 29th Oct. 2015
Engineering Recommendations II
Trackside Antenna : WP3_TecRec_005 : Install very-narrow-beam antennas on BTS
WP3_TecRec_004 : E-plane high front-to-back ratio directive antennas
Radio Network Planning : WP3_TecRec_007 : Install additional BTSs in hazardous area
WP3_TecRec_010 : Activate AIR or OF Repeater
WP3_TecRec_001 : Increase temporarily the ground BTS output power
WP1_TecRec_003 : Send infrastructure high power pulse signal
WP3_TecRec_008 : Switch on emergency BTSs
WP3_TecRec_009 : Create microcells
Radio Network features : WP1_TecRec_006 : Mesh architecture
WP1_TecRec_007 : Frequency hopping
WP1_TecRec_008 : Channel hopping
11 SECRET Project, Final Conference, 29th Oct. 2015
Radio Network Planning & Antenna
Temporarily increase BTS
Power Level
12 SECRET Project, Final Conference, 29th Oct. 2015
Radio Network Planning & Antenna
Additional
Emergency BTS
-80
-60
-40
-20
0
20
40
60
0 1 2 3 4 5 6 7
AR
BTS-B
BTS-A
km
AR : air repeater Gain =70dBDownlinkDownlink with repeaterUplink with repeater
Additional Emergency
Radio Repeater
Micro Cellular
Mesh Networks
13 SECRET Project, Final Conference, 29th Oct. 2015
Attack Detection Recommendations
Jammer Detection Techniques : WP1_TecRec_011 : Multi band detection
WP1_TecRec_012 : Spectrum sensing detection
WP1_TecRec_014 : Infrastructure detector
WP1_TecRec_015 : Individual detector (Staff)
WP1_TecRec_016 : Large band detection
WP3_TecRec_014 : Implementation of EVM jammer detector
Jammer Detection Application : WP3_TecRec_011 : Characterization of the EM rail environment
WP1_TecRec_013 : Coach detection system
WP3_TecRec_012 : Deploy sensors network
WP3_TecRec_013 : Integrate a monitoring system on spectrum database
-40
-60
-80
-100
-120
S(f
) (d
Bm
)
Bursts observation
EV
M
0 50 100 150 200 250 300 3500
20
40
60
80
100
120
Environmentdata base
Jamming Detection System
processing
Communication signal
System processing
Jamming detection
Environment data base
Trackside
Jammer
Detection
On-Board
Jammer
Detection
Spectral
Based
IQ
Based
SECRET Project, Final Conference, 29th Oct. 2015
Attack Detection
15 SECRET Project, Final Conference, 29th Oct. 2015
Temporary Recommendations
Typical temporary recommendations : WP3_TecRec_001 : Increase temporarily the ground BTS output power
WP3_TecRec_003 : Switch of train radio (front & rear cab)
WP3_TecRec_005 : Switch electronically a quarter wave reflector
WP3_TecRec_006 : Antenna with managed diagram polarity
WP3_TecRec_008 : Switch on emergency BTSs
WP3_TecRec_010 : Activate AIR or OF Repeater
WP4_TecRec_009 : Integrate Multi-vector Radio Communication in ETCS
Need to analyze their period of activation : Starting from the jammer detection Up to the full recovery of normal system behaviour
16 SECRET Project, Final Conference, 29th Oct. 2015
Recommendation Decision Trees
Line Categories Dedicated High-
Speed Line
High-Capacity
Line
Low-Capacity
Line
Urban Railways
Big Stations
Dedicated
Freight
Typical Speed
(km/h) 300 200 160 0 - 120 100
Traffic Type Passenger Passenger and
freight
Passenger and
freight Passenger Freight
Traffic Density
(trains /h /dir.) 15
8 (mixed traffic)
15 (passenger ) 2-10 30 Typically 12
Train/
jammer
location
Jamming
power
Jamming
on-board
Near
BTS
<= 1W
< 8W
> = 8 W
Bw two
BTSs
<= 1W
< 8W
> = 8 W
Jamming
trackside
Near
BTS
<= 1W
> = 8 W
Bw two
BTSs
<= 1W
> = 8 W
WiFi LTE
5G SATCOM
FDD TDD L Band S Band
Frequency
band
5,47 to 5.7 GHz 0.7 - 0.8 GHz
Public Safety
1.7 - 1.9 GHz
2.5 - 2.6 GHz
1.9 - 2.5 GHz
3.5 GHz ?
5.9 GHz ?
< 6 GHz
6 GHz-60 GHz
1.525 - 1.66 GHz 2 - 2.35 GHz
Interference,
Jamming
medium
(OFDM)
medium
(OFDM)
medium
(OFDM)
frequency evading more robust
(directive antenna)
more robust
(directive antenna)
Deployment New sites
GSM-R and/or
new sites
GSM-R and/or
new sites
GSM-R and/or new
sites
No infrastructure No infrastructure
Line
categories
Dense area
(urban/stations)
Conventional
and H-S lines
Conventional
lines
To be investigated Regional and low
density lines
Regional and low
density lines
Jammer
location
&
spectral
density
Operational context
Candidate Radio Technologies
DECISION TREES
SECRET Project, Final Conference, 29th Oct. 2015
Jamming on-board
Jamming > 8w
and spectral density
near BTS
not affected
Between two BTSs
Use alternative radio channel
SECRET_WP4_TecRec_008
Jamming < 8W
and spectral density
Between two BTSs
1
H-S Line
Not affected
2
High Density Line
Switching train cab adio
TecRec_003
Electronically switchable antenna reflector
TecRec_005
Increase BTS power
TecRec_001
Activate trackside radio repeater
TecRec_010
Use alternative radio channel
SECRET_WP4_TecRec_008
LTE in TDD mode
WLAN (G5/
802.11p)
...
5
Dedicated Freight Line
Select recommendations
according operational context
Use alternative radio channel
SECRET_WP4_TecRec_008
Satcom
near BTS
Not affected
RxQual Bit Error Rate (BER) Quality of the
communication
0 BER < 0.2% excelent
1 BER= [0.2% à 0.4%] good
2 BER= [0.4% à 0.8%]
3 BER= [0.8% à 1.6%] acceptable
4 BER= [1.6% à 3.2%]
5 BER= [3.2% à 6.4%] bad
6 BER= [6.4% à 12.8%]
7 BER>12.8% Very bad
Detect jamming before loss
of communication
On-board Jammer Mgt Decision Tree
SECRET Project, Final Conference, 29th Oct. 2015
RxQual Bit Error Rate (BER) Quality of the
communication
0 BER < 0.2% excelent
1 BER= [0.2% à 0.4%] good
2 BER= [0.4% à 0.8%]
3 BER= [0.8% à 1.6%] acceptable
4 BER= [1.6% à 3.2%]
5 BER= [3.2% à 6.4%] bad
6 BER= [6.4% à 12.8%]
7 BER>12.8% Very bad
Detect
jamming
before loss of
communication
Jamming trackside
Jamming > 8w
and spectral density
Between two BTSs
Use alternative radio channel
SECRET_WP4_TecRec_008
...
near BTS
1
H-S Line
Switching on emergency BTS
TecRec_008
Increase BTS power
TecRec_001
Use alternative radio channel
SECRET_WP4_TecRec_008
LTE in TDD mode
2 ...
Jamming < 8W
and spectral density
Near BTS
1
H-S Line
Not affected
5
Dedicated Freight Line
Switching on emergency BTS
TecRec_008
Increase BTS power
TecRec_001
Use alternative radio channel
SECRET_WP4_TecRec_008
Satcom
...
Between two BTSs
1
H-S Line
Not
affected
... 5
Dedicated Freight Line
....
Use alternative radio channel
SECRET_WP4_TecRec_008
Satcom
Trackside Jammer Mgt Decision Tree
19 SECRET Project, Final Conference, 29th Oct. 2015
Conclusions
SECRET Project Recommendations are : • Built upon a risk assessment process
• Addressing a wide range of technical aspects
• Preliminary classified and evaluated
• Depending on operational context
• Relying on technology evolution
• Subject to specific implementation strategy
Securing Railways against EM attacks is : • Opening the way to many technical innovations
• An essential topic in (Cyber) Security
Thank you
Pierre Lambert, ALSTOM
20 SECRET Project, Final Conference, 29th Oct. 2015