Computer security
Presentation Transcript
Computer Security

Passwords. Web. Online Shopping. Industrial Espionage. Internet Banking. Viruses. Hackers. Privacy. Firewalls. Your Life.

Computer Security As If Your Life Depended On It
Katherine Eastaughffe

Outline
  • Westinghouse Rail Systems – What do we do?

  • Safety Critical Systems on the Railway

  • How do we develop Safety Critical Systems?

  • Where does Security fit in?

  • Looking to the future

Company overview

  • Company established in 1862

  • Offices in Birmingham, Crawley, Croydon, Glasgow, Swanley, York, Beijing, Germany and Singapore with HQ in Chippenham

  • 1390 employees

  • Part of Invensys Rail Systems (Australia, US and Spain)

What is our business?

  • Design, manufacture, installation, commissioning and maintenance of:

    • Railway signalling systems and equipment

    • Train control systems

    • Railway monitoring systems & control centres

  • Supplying Main Line and Mass Transit operators in the UK, Europe and Far East

London's PPP (Public Private Partnership)

  • Westinghouse supplying resignalling projects to Metronet consortium through Bombardier

  • Resignalling Victoria, District, Circle, Hammersmith, Metropolitan lines over 14 years (>1/2 of the Tube)

Victoria Line/SSL Resignalling Statistics

  • ~ $850 million contract

  • Resignalling of more than ½ of Tube

  • 150 000 people enter the system each hour

  • About 400 km of track

  • About 160 stations

  • Victoria line to provide > 30 trains per hour

  • London Underground has 2.7 million passenger journeys/day

Automatic Train Control

[Diagram: basic operation of automatic train control. Labels: Line Speed = 80 km/h, Protection Profile, Trackside Equipment]

Train Control Systems

  • ERTMS (European Rail Traffic Management System)

    • To be deployed across Europe

  • DTG-R (Distance To Go- Radio)

    • Aimed at Metro systems

    • To be deployed on London Underground

ERTMS
  • Recommended by the Uff-Cullen Inquiry for Automatic Train Protection on UK Mainline railway

  • Common specifications to which suppliers provide equipment

  • Radio Block Centre derives and sends “movement authorities” to trains via a GSM-R radio system

  • A movement authority specifies how far a train can travel along the route ahead

  • Train-borne computer calculates a safe speed based on its received movement authority

DTG-R

  • Processors send “Signalling States” from the interlocking to the train via a radio system

  • Train-borne computer calculates a movement authority and from that a safe speed

What if something interferes with the data?

[Diagram, shown over four animation steps: basic operation with Line Speed = 80 km/h, Protection Profile, Trackside Equipment]


How do we prove our systems are safe?

  • Try and identify all the ways that something can go wrong

  • Make sure we have ways for protecting against these threats

  • We construct a Safety Case

  • One part of the Safety Case for Automatic Train Control addresses the questions:

    • What can go wrong with messages sent from the trackside to trains (either accidentally or deliberately)

    • How do we protect against failures of message transmission?

What may go wrong with messages?

  • Repetition of Messages

  • Deletion of Messages

  • Insertion of Messages

  • Resequencing of Messages

  • Corruption of Messages

  • Delay of Messages

  • Masquerade of Messages

Repetition of Messages

  • Due to failure of equipment, e.g. a message buffer is not properly flushed

  • Due to deliberate storage and replay of messages

  • Sequence Numbers and Timestamps

Sequence Numbers

  • Add a running number to each message exchanged between a transmitter and a receiver

  • Receiver checks that the number is within a suitable range of the number of the previous message

  • Suitable range means:

    • E.g. between 1 and 30 greater than the previous number (modulo 255) for an 8-bit number

    • Suitable range depends on the expected frequency of transmission.

  • This ensures a message in the specified range is no older than x seconds/minutes

  • Except that if the message is really old, then it might be in range, because sequence numbers have gone right the way round!!

Timestamps
  • Timestamps can plug the hole that the sequence numbering technique has

  • Transmitter adds a timestamp to message

  • Receiver checks that timestamp is within given tolerance of the timestamp of previous message

  • Bandwidth may prevent timestamp being sent with all messages

  • Need to be careful about the 1st message received from a transmitter – how do you know its clock is right and the message is not years old?
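The two receiver checks described on these slides, as an added worked example (not code from the presentation or from any train control product): an 8-bit sequence number accepted only when it is 1 to 30 steps ahead of the previous one, and a timestamp accepted only within a tolerance of the previous one. The window of 30, the 10 second tolerance and the sample traffic are assumptions; the demo walks the counter all the way round and then replays a recorded old message, which the sequence-only receiver accepts and the timestamped receiver rejects.

```python
"""Receiver-side checks against repeated and resequenced messages.
Added example; window size, tolerance and traffic are constructed."""

SEQ_MODULUS = 256        # an 8-bit running number wraps after 255
WINDOW = 30              # assumed: accept 1..30 steps ahead of the last good message
TIME_TOLERANCE_S = 10.0  # assumed: timestamps may advance by at most this much


def seq_in_window(prev, cur, window=WINDOW, modulus=SEQ_MODULUS):
    """True when cur is between 1 and `window` steps ahead of prev, modulo the counter size.
    A delta of 0 (repeat) or a large delta (old or far-future number) is rejected."""
    delta = (cur - prev) % modulus
    return 1 <= delta <= window


class Receiver:
    """Tracks the last accepted message; optionally also checks timestamps."""

    def __init__(self, use_timestamps=True):
        self.prev_seq = None
        self.prev_ts = None
        self.use_timestamps = use_timestamps

    def accept(self, seq, ts):
        """Return (accepted, reason); state is updated only for accepted messages."""
        if self.prev_seq is None:
            # First message from a transmitter: the slide's open question. This example
            # just records it; a real system needs an explicit start-up procedure.
            self.prev_seq, self.prev_ts = seq, ts
            return True, "first message"
        if not seq_in_window(self.prev_seq, seq):
            return False, "sequence number outside window"
        if self.use_timestamps and not (0 <= ts - self.prev_ts <= TIME_TOLERANCE_S):
            return False, "timestamp outside tolerance"
        self.prev_seq, self.prev_ts = seq, ts
        return True, "ok"


def demo_wraparound():
    """Constructed scenario: one legitimate message per second for 266 seconds, so the
    8-bit counter goes right round and is back at 9. A message recorded at t=12
    (seq 12) is then replayed. Returns (accepted by seq-only, accepted with timestamps)."""
    seq_only = Receiver(use_timestamps=False)
    with_ts = Receiver(use_timestamps=True)
    recorded = None
    for i in range(266):
        seq, ts = i % 256, float(i)
        if i == 12:
            recorded = (seq, ts)       # the old message that will be replayed later
        seq_only.accept(seq, ts)
        with_ts.accept(seq, ts)
    # prev_seq is now 9: seq 12 is "3 ahead" and passes the window check alone
    seq_only_ok, _ = seq_only.accept(*recorded)
    with_ts_ok, _ = with_ts.accept(*recorded)  # timestamp 12.0 vs previous 265.0: rejected
    return seq_only_ok, with_ts_ok
```

`seq_in_window(250, 4)` is accepted (10 steps ahead across the wrap) while `seq_in_window(10, 9)` is not (a delta of 255 is an old number, not a new one); `demo_wraparound()` returns `(True, False)`, which is exactly the hole the timestamp slide plugs.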

Deletion of Messages

  • May be the result of equipment failure

  • Or Denial of Service attack

  • Most likely source of disruption of message transmission

  • Design the system to be “fail-safe” – if messages are not received it will not cause a hazard

  • Timeout on receipt of messages. If a train does not receive any messages after a given period of time, braking will be applied

  • In emergency situations, you may want to know that a message has been received, in which case there must be an acknowledgement
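The fail-safe behaviour from this slide, as an added example (not code from the presentation): a train-side watchdog that applies the brakes when the channel goes quiet, and an emergency message that the trackside resends until the train acknowledges it. The 5 second timeout, the 1 second retry interval and the two scenarios are constructed.

```python
"""Fail-safe handling of deleted messages: silence can only stop the train, never
keep it moving. Added example; timeout, retry interval and scenarios are assumed."""
from dataclasses import dataclass, field

MESSAGE_TIMEOUT_S = 5.0  # assumed: no valid message for this long is treated as a hazard
ACK_RETRY_S = 1.0        # assumed: unacknowledged emergency messages are resent this often


@dataclass
class TrainSide:
    last_rx: float                       # time of the last message received
    braking: bool = False
    acks: list = field(default_factory=list)

    def on_message(self, now, msg):
        self.last_rx = now
        if msg["kind"] == "emergency_stop":
            self.braking = True
            self.acks.append({"ack_of": msg["seq"]})   # receipt must be confirmed
        # a "movement_authority" message only refreshes the watchdog in this model

    def tick(self, now):
        """Watchdog: a missing message cannot be mistaken for permission to proceed."""
        if now - self.last_rx > MESSAGE_TIMEOUT_S:
            self.braking = True
        return self.braking


@dataclass
class Trackside:
    pending: dict = field(default_factory=dict)  # seq -> (msg, time last sent)
    sent_log: list = field(default_factory=list)

    def send_emergency(self, now, seq):
        msg = {"kind": "emergency_stop", "seq": seq}
        self.pending[seq] = (msg, now)
        self.sent_log.append((now, seq))
        return msg

    def on_ack(self, ack):
        self.pending.pop(ack["ack_of"], None)

    def tick(self, now):
        """Resend every emergency message that has not been acknowledged in time."""
        resend = []
        for seq, (msg, last_sent) in self.pending.items():
            if now - last_sent >= ACK_RETRY_S:
                self.pending[seq] = (msg, now)
                self.sent_log.append((now, seq))
                resend.append(msg)
        return resend


def simulate_deletion(delete_from=None):
    """Constructed: a movement authority arrives every second until `delete_from`,
    after which every message is lost. Returns the second the train started braking."""
    train = TrainSide(last_rx=0.0)
    for t in range(1, 21):
        now = float(t)
        if delete_from is None or now < delete_from:
            train.on_message(now, {"kind": "movement_authority", "seq": t})
        if train.tick(now):
            return now
    return None


def simulate_emergency():
    """Constructed: an emergency stop is sent at t=3 and that copy is lost. Returns
    (second the train braked, number of transmissions, all messages acknowledged)."""
    train, trackside = TrainSide(last_rx=0.0), Trackside()
    lost_at = {3.0}
    braked_at = None
    for t in range(1, 11):
        now = float(t)
        outgoing = [trackside.send_emergency(now, seq=99)] if now == 3.0 else []
        outgoing.extend(trackside.tick(now))
        for msg in outgoing:
            if now not in lost_at:
                train.on_message(now, msg)
        for ack in train.acks:
            trackside.on_ack(ack)
        train.acks.clear()
        if train.tick(now) and braked_at is None:
            braked_at = now
    return braked_at, len(trackside.sent_log), not trackside.pending
```

With an uninterrupted channel `simulate_deletion()` never brakes; cutting the channel at t=10 brakes the train at t=15, one timeout after the last message. `simulate_emergency()` returns `(4.0, 2, True)`: the lost first copy is resent a second later, acknowledged, and the train is braking from t=4.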

Insertion of Messages

  • Due to cross-talk

  • Due to deliberate insertion of messages

  • Sequence numbers will protect against a large number of false messages because the sequence number is unlikely to be within the expected range

  • Otherwise see masquerading of messages

Resequencing of Messages

  • Messages received in different order to that transmitted

  • Sequence Numbers and Timestamps

Corruption of Messages

  • Accidental changes, e.g. from Electromagnetic Interference or collision of messages

  • Deliberate changes

  • Safety Codes

    • CRC (Cyclic Redundancy Codes)

    • Hash Codes

    • Cryptographic Block Codes (Message Authentication Code)

ERTMS – Encryption

  • Uses a MAC – a function of the whole message and a secret key

  • A private key for each train

  • Block Cipher used is single DES with modified MAC algorithm 3

Delay of Messages

  • Timestamps

  • Timeouts – if you don’t receive a message within a given period, enter a fail-safe state, that is, shut-down and apply braking

Masquerading of Messages

  • Use of identifiers

  • Use of cryptographic techniques
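The safety codes from the Corruption slide and the identifier plus key per train from the ERTMS and Masquerading slides, as one added example (not code from the presentation or from ERTMS): a frame protected by a CRC beside the same frame protected by a MAC under the receiving train's secret key. HMAC-SHA256 stands in for the DES-based MAC algorithm the ERTMS slide mentions; the frame layout, train identifiers and keys are constructed. The demo shows why the distinction between accidental and deliberate changes matters: both codes catch a flipped bit, but only the keyed code catches a rewritten movement authority or a frame intended for another train.

```python
"""CRC versus MAC as protection of trackside-to-train frames.
Added example; frame format, train ids and keys are constructed."""
import hashlib
import hmac
import struct
import zlib

# Constructed secret keys, one per train identifier (slide: a key for each train)
TRAIN_KEYS = {
    0x0101: bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0"),
    0x0202: bytes.fromhex("00112233445566778899aabbccddeeff"),
}


def encode_body(train_id, seq, distance_to_go_m):
    """Constructed frame body: 16-bit train id, 8-bit sequence, 32-bit distance in metres."""
    return struct.pack(">HBI", train_id, seq, distance_to_go_m)


def frame_with_crc(body):
    """Body followed by CRC-32: detects accidental corruption, needs no secret."""
    return body + struct.pack(">I", zlib.crc32(body))


def check_crc(frame):
    body, tag = frame[:-4], frame[-4:]
    return struct.pack(">I", zlib.crc32(body)) == tag, body


def frame_with_mac(body, key):
    """Body followed by a MAC over the whole body under the train's secret key."""
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_mac(frame, receiving_train_id):
    """The receiver checks the identifier, then verifies with its own key only.
    A frame altered in transit or MAC'd under another train's key is rejected."""
    body, tag = frame[:-32], frame[-32:]
    train_id = struct.unpack(">H", body[:2])[0]
    if train_id != receiving_train_id:
        return False, body                 # not addressed to this train
    expected = hmac.new(TRAIN_KEYS[receiving_train_id], body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag), body   # constant-time comparison


def flip_bit(frame, bit_index):
    """Constructed fault: one bit flipped, as electromagnetic interference might do."""
    out = bytearray(frame)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def rewrite_distance(body, new_distance_m):
    """Constructed deliberate change: the movement authority field is altered."""
    train_id, seq, _ = struct.unpack(">HBI", body)
    return encode_body(train_id, seq, new_distance_m)


def demo_safety_codes():
    """Returns which code detects which kind of change."""
    body = encode_body(0x0101, 7, 1200)
    key = TRAIN_KEYS[0x0101]
    # Accidental corruption: one flipped bit in the body
    crc_ok_emi, _ = check_crc(flip_bit(frame_with_crc(body), 20))
    mac_ok_emi, _ = check_mac(flip_bit(frame_with_mac(body, key), 20), 0x0101)
    # Deliberate change: the CRC can be recomputed by anyone, the MAC cannot without the key
    altered = rewrite_distance(body, 9000)
    crc_ok_altered, _ = check_crc(frame_with_crc(altered))
    mac_ok_altered, _ = check_mac(altered + bytes(32), 0x0101)   # no key: no valid tag
    # Masquerade: a genuine frame for train 0x0202 presented to train 0x0101
    other = frame_with_mac(encode_body(0x0202, 7, 1200), TRAIN_KEYS[0x0202])
    mac_ok_other, _ = check_mac(other, 0x0101)
    return {
        "crc_detects_corruption": not crc_ok_emi,
        "mac_detects_corruption": not mac_ok_emi,
        "crc_detects_deliberate_change": not crc_ok_altered,
        "mac_detects_deliberate_change": not mac_ok_altered,
        "mac_detects_masquerade": not mac_ok_other,
    }
```

`demo_safety_codes()` reports that both codes detect the corruption but only the MAC detects the deliberate change and the masquerade, which is why the slides list the CRC among safety codes for accidental faults and reach for a keyed MAC once deliberate interference is in scope. Note that the MAC does nothing against repetition or delay; that is what the sequence number and timestamp checks on the earlier slides are for.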

Security of Rail Networks

  • Of course, there are easier ways of deliberately disrupting railways than spoofing/deleting messages from trackside to train

  • Difficult to gain physical access to network

An Interesting Website


  • Allows you to graphically monitor train traffic on railroads that use the Association of American Railroad’s Advanced Train Control System (ATCS) Specification 200 protocol (among others)

  • All you need is a radio scanner! That is when you’re not listening to the police, or baby monitors

Some other Security Issues

  • Security of map data and software loaded into train control units

  • Management of private keys for each train

  • The future will involve satellite positioning systems (Galileo) and use of more and more COTS products, which increase the security risk


  • Security issues can be safety issues too

  • To get approval for systems, you have to show that you have considered threats to message integrity and protected against them

  • Real applications for cryptographic techniques

Further Information


  • Railway Safety Standards

    • BS EN 50159: Railway Applications – Communication, Signalling and Processing Systems

  • ERTMS Standards -

  • Lots of information about Communications Systems for train control, US focussed, no future maintenance,

  • “Safeware: System Safety and Computers” by Nancy Leveson. Addison Wesley 1995

  • IEE Website (Institute of Electrical Engineers) –

    • Railway Professional Network

    • Functional Safety Professional Network

Westinghouse Rail Systems