secret security of railways against electromagnetic attacks · 2016. 4. 7. · tecrec presentation...

Deliverable on Repository of elements relevant for proposal for TecRec Date: 05/09/2014 Distribution: PU

Manager: ALSTOM

SECRET

SECurity of Railways against

Electromagnetic aTtacks Grant Agreement number: 285136 Funding Scheme: Collaborative project Start date of the contract: 01/08/2012 Project website address: http://www.secret-project.eu

Deliverable D 5.1 Repository of elements relevant for proposal for TecRec

SECRET Project Grant Agreement number: 285136

SEC-D5.1-C-09 2014-Repository relevant for proposal for TecRec-ALSTOM-final

05/09/2014 2 /20

Document details:

Title Repository of elements relevant for proposal for TecRec

Workpackage WP5

Date 05/09/2014

Author(s) R. Comte

Responsible Partner ALSTOM

Document Code SEC-D5.1-C-09 2014-Repository relevant for proposal for TecRec-ALSTOM-final

Version C

Status Final

Dissemination level: Project co-funded by the European Commission within the Seventh Framework Programme

PU Public X

PP Restricted to other programme participants (including the Commission Services)

RE Restricted to a group specified by the consortium (including the Commission) Services)

CO Confidential, only for members of the consortium (including the Commission Services)

Document history:

Revision Date Authors Description 1 01/06/2014 R. COMTE First version 2 15/08/2014 R. COMTE Integration of TechRec feedback from other

WP 3 05/09/14 R. COMTE Integration of A. ZANASI comments



05/09/2014 3 /20

Table of content

1. EXECUTIVE SUMMARY 6

2. INTRODUCTION 7

2.1. Purpose of the document 7

2.2. Definitions and acronyms 7

3. TECREC PRESENTATION 7

3.1. TecRec functions 7

3.2. UNIFE (Union of European Railway Industries) 8

3.3. UIC (International Union of Railways) presentation 9

4. SECRET PROCESS FOR TECRECS 10

4.1. SECRET recommendation template presentation 10

5. SECRET RECOMMENDATION FIRST DELIVERY 12

5.1. WP1: Threat analysis and risks assessment of EM attack scenarios for railway 12

5.2. WP2: Static protection: Topologic solutions to strengthen the railway infrastructure 12

5.3. WP3: Monitoring the EM environment and detection of EM attacks 12

5.4. WP4: Dynamic protection: detection system for resilient architecture 12

6. SECRET RECOMMENDATIONS: SHORT DESCRIPTION 13

6.1. Weaknesses of the system 13

6.2. Potential impact of a jammer 15

6.3. Physical layer protection: Backup solutions 16 6.3.1. SECRET_WP3_TecRec_001: Temporary strengthen signal 16 6.3.2. SECRET_WP3_TecRec_003: Use back cab alternative 17 6.3.3. SECRET_WP1_TecRec_002: Use other radio link 17 6.3.4. SECRET_WP3_TecRec_004-005: Lower aggression strength 18

6.4. System layer protection: Backup solutions 19



05/09/2014 4 /20

6.4.1. SECRET_WP1_TecRec_002: Reliable jammer detection 19

7. CONCLUSION 20

8. REFERENCE DOCUMENTS 20



05/09/2014 5 /20

List of Figures

Figure 1: UNIFE Full member ..................................................................................................................................................... 9 Figure 2: UNIFE Associate member ........................................................................................................................................ 9 Figure 3: UIC members ............................................................................................................................................................. 10 Figure 4: TechRec template..................................................................................................................................................... 12 Figure 5: Examples of immediately available jammers ................................................................................................ 13 Figure 6: On-board passenger perturbing the on-roof GSMR antennas ............................................................. 13 Figure 7: GSMR BTS coverage level example ................................................................................................................. 14 Figure 8: HandOver area .......................................................................................................................................................... 15 Figure 9: HandOver mechanism ............................................................................................................................................ 15 Figure 10: Impact of the jammer on the radio coverage ............................................................................................ 16 Figure 11: SECRET_WP3_TecRec_001: Temporarily strengthened signal .............................................................. 16 Figure 12 : SECRET_WP3_TecRec_003: Use back cab alternative ............................................................................. 17 Figure 13: SECRET_WP1_TecRec_002 : Use Other radio link ...................................................................................... 18 Figure 14: SECRET_WP3_TecRec_004-005: Lower aggression strength................................................................. 19 Figure 15: SECRET_WP1_TecRec_002: Reliable jammer detection ........................................................................... 19



05/09/2014 6 /20

1. Executive summary

WP5 target is to gather, identify and present Technical Recommendations (TecRec) candidates to normative institutions. Therefore a process has been created and deployed to collect, understand and treat information’s from other consortium work packages for this purpose. After selection, a preliminary set of TecRecs has been created, and are now in the way to be push forward to ad-hoc commission. These recommendations are presented in this deliverable. Meanwhile, TecRec candidate process is going on, following progress of the consortium.



05/09/2014 7 /20

2. Introduction

2.1. Purpose of the document

The WP5 aim is to develop proposals for TecRec (Technical Recommendations). A TecRec is a UIC/UNIFE standard (www.tecrec-rail.org) designed to be used within the European region. In the case of SECRET, the TecRec will formalise the recommendations that individual companies may choose to mandate it through internal instructions/procedures or contract conditions. The SECRET proposals for TecRec have to be submitted to UIC/UNIFE standards management groups for analysis and possible approval.

2.2. Definitions and acronyms

Acronym Meaning

EU European Union

EN European Norm

ETSI European Telecommunications Standards Institute

IEC International Electrotechnical Commission

UIC International Union of Railways

UNIFE Union of European Railway Industries

TECHREC UIC/UNIFE joint Technical Recommendations

CEN European Committee for Standardization

CLC CENELEC

CENELEC European Committee for Electrotechnical Standardization

CABRADIO The radio and associated user and other interfaces installed in the cab of a locomotive and for use principally by the locomotive driver.

GSM Global System for Mobile communications

GSMR GSM Railway

EIRENE EUROPEAN INTEGRATED RAILWAY RADIO ENHANCED NETWORK

3. TecRec presentation

3.1. TecRec functions TecRecs are by definition a jointly publish Technical Recommendations between UNIFE and UIC, which have agreed to work together in the field of voluntary Pending the publication of a European standard (Which are identified with EN prefix), TecRecs will serve as a common standard to improve the competitiveness of the European railway systems. Approved by both UNIFE and UIC, the TecRecs are recognised as a voluntary pre-standard by the rail sector as a whole. TecRecs are designed to: • Feed directly into the established European standardisation system, thereby speeding up



05/09/2014 8 /20

the formulation of ENs; • Facilitate the publication of important UNIFE/UIC EU-funded R&D project results, improving their chances of market uptake; • Set new product and interface standards, which are of high priorities for UNIFE and UIC. The general hierarchy within which a TecRec sits is in order of prevalence: Hereafter, the order of prevalence for railways standards:

1. EN elaborated by CEN/CLC; 2. TecRec elaborated by UIC and UNIFE; 3. UIC leaflets elaborated by UIC.

The standards elaborated by CENELEC, dedicated to railway applications, take as reference “fundamental” standards edited by International Electrotechnical Commission (IEC). TecRecs are managed by a joint UIC/UNIFE co-ordination group. Priorities and resolution of conflicts are provided by a joint high-level TecRec Steering Board.

3.2. UNIFE (Union of European Railway Industries)

UNIFE represents the European rail industry in Brussels since 1992. The Association gathers more than 70 Europe’s leading rail supply companies’ active in the design, manufacture, maintenance and refurbishment of rail transport systems, subsystems and related equipment. An additional one thousand suppliers of railway equipment partake in UNIFE activities through national rail industry associations. UNIFE members have an 80% market share in Europe and supply more than 50% of the worldwide production of rail equipment and services. UNIFE represents its members’ interests at the level of both European and international institutions. On the technical side, UNIFE works on the setting of interoperability standards and coordinates EU-funded research projects that aim to the technical harmonization of railway systems. The association is one of the supporting bodies of the European Railway Agency.



05/09/2014 9 /20

Figure 1: UNIFE Full members

Figure 2: UNIFE Associate members

3.3. UIC (International Union of Railways) presentation The UIC mission is to promote rail transport at world level and meet the challenges of mobility and sustainable development. Main UIC objectives are to facilitate the sharing of best practices among members (benchmarking), support members in their efforts to develop new business and areas of activities, propose innovative ways to improve technical and environmental performance, promote interoperability, create new world standards for railways (including common standards shared with other means of transportation) and develop centres of competence (High Speed, Safety, Security, e-Business, etc.).



05/09/2014 10 /20

Figure 3: UIC members

4. SECRET process for TecRecs

For efficiency reason, SECRET consortium has split the overall project in several Work Packages (WP)[A.1].

WP1: Threat analysis and risks assessment of EM attack scenarios for railway;

WP2: Static protection : Topologic solutions to strengthen the railway infrastructure;

WP3: Monitoring the EM environment and detection of EM attacks;

WP4: Dynamic protection: detection system for resilient architecture. From each WP, candidate for TecRec are identified by WP leaders, who are filling a template which is shared during plenary session. During session, the consortium reviews all propositions, and decides about the status of each. Purpose of this review is to sort TecRec’s candidate and to help the author to rank his priorities. Those templates are intended to progress all over the project’s life.

4.1. SECRET recommendation template presentation During the carrying out of the project, several ideas have raised as potential candidate for inclusion into the TecRecs. A standard template has been defined for all Work Packages, in order for the WP participants to gather and identify candidate elements for the TecRecs.



05/09/2014 11 /20

During the plenary session, templates are shared with the consortium. Each proposal is discussed, and with the participation of all WP’s team, decision is taken about the pertinence of the proposal to become a candidate for TecRech. Main topics of the template are:

TOPIC: o Define what type of issue is addressed by the Technical Recommendation;

DESCRIPTION: o Define how the addressed issue is mitigated/solved by the proposed TecRec; o A link to an external document can be added if additional details are required";

WP: o The WPs of the SECRET project related to this TecRec;

TYPE: o New standard: the proposed TecRec requires creation of a new standard; o Standard update: the proposed TecRec requires an update of an existing

standard; o Engineering rules: the proposed TecRec indicates engineering rules best

practices; o Operation: the proposed TecRec indicates operation best practices;

INVOLVED BODY: o The bodies that have to consider the proposed TecRec in case this is not the

good normative body (CENELEC, ETSI….);

TECHREC STATUS: o New: technical recommendation has been created; o Open: technical recommendation has been submitted to SECRET board; o Instructed: technical recommendation has been fully processed by SECRET

board; o Closed: technical recommendation has been processed, i.e. submitted to the

involved bodies or cancelled;

MISCELLANEOUS: o Column used for all other topics (identification of standard to be update,

TecRec status decision rational, TecRec ID…).



05/09/2014 12 /20

Reference TecRec TOPIC TecRec DESCRIPTION TecRec Type Involved bodies TecRec Status WP Misc

SECRET_TecRec_001

"E : GSM-R communication is cut because high

level 2.45 GHz interferer

50 dB additionnal isolation compare to

ETSI specification

Standard

update ETSI New 2

Figure 4: TechRec template

WP5 TecRec reporting list_revA0.xlsx

5. SECRET recommendation First delivery

5.1. WP1: Threat analysis and risks assessment of EM attack scenarios for

railway WP1 Recommendations has to be preliminary checked by the “Security group” before transmission to WP5.

5.2. WP2: Static protection: Topologic solutions to strengthen the railway infrastructure

WP2 Recommendations has to be preliminary checked by the “Security group” before transmission to WP5.

5.3. WP3: Monitoring the EM environment and detection of EM attacks

WP5 TecRec reporting list_WP3_revA0_w_RC_comment.xlsx

5.4. WP4: Dynamic protection: detection system for resilient architecture

WP5 TecRec reporting list - WP4 - Trialog.xlsx



05/09/2014 13 /20

6. SECRET recommendations: short description

6.1. Weaknesses of the system A passenger installed in the train with a portable jammer is perturbing the on-roof GSMR. Such jammer could easily be found on the web and purchased for just a few hundred Euros.

Figure 5: Examples of immediately available jammers

Figure 6: On-board passenger perturbing the on-roof GSMR antennas

BTS (Base Transceiver Station) are spread all along the track. BTS placements are optimized to guarantee of a minimum reception radio level to the train. When travelling, the train moves from one BTS to another one when the signal level coming from former BTS is too low. This is called the HandOver (HO) mechanism. It must be considered that most of existing implementation in train are using 2 antennas and 2 GSMR modem (the set is called data cabradio) to avoid communication loss during



05/09/2014 14 /20

HandOver (this allow having just one of them looking for a new BTS in the same time). In those particular HandOver areas, the signal strength coming from the ground could be low enough to be “hidden” by a jammer.

Figure 7: GSMR BTS coverage level example



05/09/2014 15 /20

Figure 8: HandOver area

Figure 9: HandOver mechanism

6.2. Potential impact of a jammer When the jammer is switch on, the background noise floor climbs up. As the GSMR train receiver needs a constant Signal over Noise Ratio (SNR), it means that the minimum level that the train receiver can accept (sensitivity) increases. The permanent link between train and ground (BTS) is no longer guaranty. The BTS radio coverage level is not sufficient to guarantee the communication, because at some place, the radio level is too low to insure communication. In this case, a hole in the network coverage is open.



05/09/2014 16 /20

Figure 10: Impact of the jammer on the radio coverage

6.3. Physical layer protection: Backup solutions

6.3.1. SECRET_WP3_TecRec_001: Temporary strengthen signal In this case, the BTS could temporarily increase its signal to maintain the minimum SNR needed by the system.

Figure 11: SECRET_WP3_TecRec_001: Temporarily strengthened signal



05/09/2014 17 /20

6.3.2. SECRET_WP3_TecRec_003: Use back cab alternative

In most systems, both extremities of the train are equipped with 2 cabradio’s system (head and tail), with only the head one active. Most of jammers have a small range impact. So, due to train length being superior to the jammer range, both cabradio (head and tail) will not be impacted at the same time. The idea is to use main head cadbradio as master and the tail one as slave, and to switch from master to slave in case of troubles with communication. This shall guarantee a permanent communication.

Figure 12 : SECRET_WP3_TecRec_003: Use back cab alternative

6.3.3. SECRET_WP1_TecRec_002: Use other radio link In this case, the idea is to use other radio links (e.g., public networks like GSM/UMTS/LTE or proprietary ones such as TETRA) assuming that radio coverage of both is not correlated, and so that even if a jammer is operated, the signal level on the other networks will be strong enough (HO area are not overlapping).



05/09/2014 18 /20

Figure 13: SECRET_WP1_TecRec_002: Use Other radio link

6.3.4. SECRET_WP3_TecRec_004-005: Lower aggression strength The idea associated with this TecRec is to lower the potential impact of a jammer by limiting the coupling level with it. Existing antenna have quasi-isotropic radiation pattern (they are receiving Electromagnetic signal from everywhere). The idea is to use:

either passive high gain antennas (SECRET_WP3_TecRec_004) o This antenna has a smaller coupling factor with a jammer.

or “active notch” antenna (SECRET_WP3_TecRec_005), o This antenna is actively modifying its radiation pattern to “isolate” the jammer.



05/09/2014 19 /20

Figure 14: SECRET_WP3_TecRec_004-005: Lower aggression strength

6.4. System layer protection: Backup solutions

6.4.1. SECRET_WP1_TecRec_002: Reliable jammer detection The idea here is that, with trusting on jammer detection systems, the train can continue its progression in a degraded mode (e.g., slow speed). Goal is to allow the train leaving the Hand-Over area. This shall allow it to come back in normal mode.

Figure 15: SECRET_WP1_TecRec_002: Reliable jammer detection



05/09/2014 20 /20

7. Conclusion

The process of potential TecRec identification has been defined and initiated. Based on preliminary results, some good candidates have yet been found by the consortium and could be presented to whom concerned (UIC/UNIFE) to start normalization process. Meanwhile, work packages are still progressing, and other recommendations shall rise for their activity.

8. Reference documents

Title Reference

[A.1] SECRET - SEVENTH FRAMEWORK PROGRAMME – PART B “description of the work”

FP7-SEC-2011-2.2-2

secret security of railways against electromagnetic attacks · 2016. 4. 7. · tecrec presentation...

Documents