A Decentralised Key Management System for the European Railway Signalling System

Master thesis (2021)

Authors

D.M. Kester Electrical Engineering, Mathematics and Computer Science

Contributors

Z. Erkin Cyber Security - EEMCS (supervisor 1)
A.J. van der Veen Signal Processing Systems - EEMCS (supervisor 2)
E. Schrik Mott MacDonald (supervisor 1)
Faculty
Electrical Engineering, Mathematics and Computer Science
Copyright: © 2021 David Kester
More Info
expand_more

Published Date

17-12-2021

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

Modern railway signalling systems are based on a wireless communication link between train and trackside entities. Secure communication between these entities is established using cryptographic symmetric keys loaded beforehand. Train and trackside entities across Europe are maintained by different Key Management Centres (KMC), making the distribution of the symmetric keys challenging. The involved parties would benefit from using a single European key distribution system. Nevertheless, a recent study concluded that a centralised approach of such a single system is not feasible.

This work presents, to the best of our knowledge, the first decentralised key management system to be used by railway KMC across Europe. Existing procedures mandate that key distribution activities concerning key generation, distribution and deletion must be logged. To meet this requirement, the proposed decentralised system is based on a private and permissioned blockchain. The network is maintained by the KMC making use of the system and access to the system is granted by Registration Centres.

During the design of a single system to replace several one-to-one solutions between KMC, it came into light that train and/or trackside equipment owners might not accept revealing certain types of relationships, as these could, for example, reveal commercial strategies. To overcome this, the proposed decentralised system introduces privacy-preserving and verifiable combinations of train and trackside entities. The protocol is based around the decisional Diffie–Hellman assumption witness indistinguishable proofs.

The proposed design enables European railway KMC to use a single decentralised and scalable system to exchange cryptographic material in a secure and privacy-preserving way. Scalability is shown by building a proof-of-concept based a Byzantine Fault Tolerance consensus protocol. Performance analysis shows that the proposed system is scalable when a proof of concept is implemented with settings close to the expected railway landscape in 2030.