MINISTRY OF INFORMATION TECHNOLOGIES AND COMMUNICATIONS DEVELOPMENT OF THE REPUBLIC OF UZBEKISTAN

TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES NAMED AFTER MUHAMMAD AL-KHOREZMI, FERGANA BRANCH

Akhmadjonov Ikhtiyorjon Ravshanjon ugli

Research and development of a license plate recognition system based on artificial intelligence

5A330501 – Computer engineering (Design of computer systems)

DISSERTATION written to obtain a master's academic degree

Supervisor: docent R. Zulunov

FERGANA-2023

Annotation

In this master's dissertation, research has been conducted on the methodology and system of information security in the railway system. The main purpose and task of the work is the need to ensure information security in the railway system, the creation of methods of its technical protection, the creation of a coded method of information security in the railway system and the development of practical recommendations for their use.

Annotation (translated from Uzbek)

In this master's dissertation, research has been carried out on enriching the methodology and system of ensuring information security in the railway system with additional capabilities. The main purpose and task of the work are the need to ensure information security in the railway system, the creation of methods for its technical protection, the creation of a coded noise method of ensuring information security in the railway system, the evaluation of the effectiveness of the method, and the development of practical recommendations for their use.

Annotation (translated from Russian)

In this master's dissertation, a study of the methodology and system of information protection in the railway system was carried out. The main purpose and task of the work are the need to ensure information security in the railway system, the creation of methods for its technical protection, the creation of a coded method of information protection in the railway system, and the development of practical recommendations for their use.

CONTENTS

INTRODUCTION
CHAPTER 1. Recognition systems based on artificial intelligence
1.2. The role of artificial intelligence systems in license plate recognition
1.3. Worldwide license plate recognition research and development
CHAPTER 2. Development of a vehicle number recognition system
2.1. The process of recognizing the car number based on artificial intelligence
2.2. Necessary hardware for developing a license plate recognition system
2.3. Implementation of artificial intelligence-based license plate recognition system for parking lot
CHAPTER 3. Work done to evaluate the effectiveness and improve the accuracy of providing an artificial intelligence-based vehicle license plate recognition system
3.1.
3.2.
3.3.
Summary
References

INTRODUCTION

In today's era of rapid development of information and communication technologies, the information resources of any state are one of the important factors determining its economic and military potential. The effective use of these resources will ensure the security of the country and the successful formation of a democratic information society. In such a society, the speed of information exchange will increase, and the use of advanced information and communication technologies for the collection, storage, processing and use of information will become more widespread.

Today, the information society is rapidly evolving, and the notion of state borders is disappearing in the world of information. The global computer network plays an important role in the socio-economic, political, spiritual and cultural life of the world. Therefore, the protection of information is an important public duty in any country.
The need for information protection in Uzbekistan is reflected in the creation of a state system of information protection and the development of the legal framework for information security. In this regard, the laws of the Republic of Uzbekistan "On Protection of State Secrets", "On Informatization" and others have been adopted and are being implemented. The state policy in the field of informatization in our country is aimed at creating a national information system, taking into account the modern world principles of development and improvement of information resources, information technologies and information systems.

Emphasizing the importance of information technology in the development of society, the First President of the Republic of Uzbekistan Islam Karimov said: “In today's world, in the age of the Internet and electronics, the widespread introduction of modern information and communication technologies in the economy, further e-government development is a priority.” As the demand for information and telecommunication technologies in the developed countries of the world grows, so does Uzbekistan. President of the Republic of Uzbekistan Shavkat Mirziyoyev on September 19, 2018 at a meeting dedicated to the analysis of work in the field of information technology and communications, the definition of additional measures for the accelerated development of the industry. "It will create," he said.

The Law of the Republic of Uzbekistan "On Telecommunications" of August 20, 1999, the Laws "On Informatization" of December 11, 2003 and "On Electronic Digital Signature", PQ-117 of July 8, 2005 "On additional measures for the further development of information and communication technologies", April 3, 2007 "On measures to organize the cryptographic protection of information in the Republic of Uzbekistan", Presidential Decrees No. PP-614 of March 21, 2012 and No. PP-1730 of March 21, 2012 "On measures for further introduction and development of modern information and communication technologies" were able to stimulate further development. [1]

The Law of the Republic of Uzbekistan "On Principles and Guarantees of Freedom of Information" of December 12, 2002 defines the state policy in the field of information security as aimed at regulating social relations in the field of information and the information security of individuals, society and the state. The adoption of the Law "On the Principles and Guarantees of Freedom of Information" has played an important role in the implementation of the right of everyone to free and unimpeded access to information, as well as in the protection of information and the information security of individuals, society and the state.

Substantiation of the dissertation topic and its relevance. The method of information security in railway systems, which is covered in this master's dissertation, is accompanied by the creation of organizational and practical conditions to limit the unauthorized access and use of existing information. Valuable information on the analysis of the methods and means of information security in railway transport, the need, as well as the promotion of cryptographic methods of security.

Object and subject of research. One of the most important requirements for modern communication systems and networks is to ensure the confidentiality of information transmission. The object of research is fiber-optic communication lines that meet the high requirements of modern telecommunications systems.

Research goals and objectives. Evaluation of their effectiveness in the development of methods of technical protection of information security in railway transport, the development of practical recommendations for their use.

The main issues and hypotheses of the research.
Basic characteristics of the railway system, a cryptographic method of information security in railway systems.

Review of the literature on the research topic. More than 20 publications of foreign and domestic scientists on the subject were analyzed, and the results of the analysis were used to address the key issues raised in the dissertation.

Theoretical and practical significance of research results. At present, large-scale work is being carried out in all developed countries of the world to improve railway systems and to increase their efficiency in the transmission and processing of information. The results of the study can be used to ensure information security in railway systems and networks.

Scientific novelty of the research. Scientific innovation consists of:
1) The modernity of the optoelectronic method of information security in railway systems is substantiated.
2) The advantages and disadvantages of methods and means of information security in railway systems are analyzed.
3) A method has been developed to prevent unauthorized access to information signals in the railway system.
4) Software has been developed to evaluate the effectiveness of protection of information on railway lines from unauthorized impact.
5) The effectiveness of the method of protection against unauthorized acquisition of information signals in the railway system was evaluated.

A brief description of the content of the master's dissertation. The introductory part of the master's dissertation describes the substantiation and relevance of the topic, the goals and objectives of the research, the theoretical and practical significance of the research results, and the scientific innovations. Chapter I of the master's dissertation provides an analysis of methods and tools to ensure information security in railway transport. Chapter II of the master's dissertation deals with the development of a coded interference method to ensure information security in the railway system.
Chapter III of the master's dissertation deals with the device of information security in the railway system. The concluding part of the master's dissertation shows the scientific and practical significance of the research results and solutions to the research problem.

CHAPTER 1. ANALYSIS OF METHODS AND MEANS

1.1. The need to ensure information security

Information and communications technologies (ICT) play a vital role in helping railway operators improve their system safety and service reliability, provide higher transit capacity, and keep the costs of building, operating, and maintaining their infrastructure in check. For example, many urban transportation systems around the world have deployed some form of communications-based automatic train control (e.g., [2]). In those systems, multiple cyber components, including wireless communication, software-defined control logic, and near-real-time data visualization at control centers, have been introduced to replace their conventional physical counterparts. As another example, with smart phones becoming ubiquitous, transit operators (e.g., [3]) are introducing mobile apps to provide consumers with information about train schedules, as well as push notifications about emergency events or other relevant information.

While the benefits of digitizing urban railway systems are obvious, the potential implications of this evolution could be multifaceted and profound, especially when it comes to the issue of security. For older railway systems, where train protection is based on track circuits and mechanical relay signaling, the security concerns reside primarily in the physical domain. In comparison, the ICT components used in newer automatic train control systems expose additional cyber-attack surfaces, which could allow sophisticated attackers to combine cyber-attack vectors with physical attack means to achieve malicious goals.
This makes it difficult to assess the security of digitized urban railway systems using traditional approaches (e.g., safety analysis methods) that are most familiar to transit operators and other stakeholders. At the same time, security analysis approaches used in other ICT systems (e.g., enterprise networks) are also not readily applicable to urban railway systems, since cyber components can have complicated interactions with the physical assets, or even passengers (e.g., with a false notification through a mobile app).

In this work, we take a close look at two concrete examples of cyber-intensive systems used in urban railway environments, a communications-based train control (CBTC) system and a mobile transit information app, and use them to analyze the cyber-physical security challenges introduced by the digitization of urban railway systems. At the high level, we identify two key challenges:

Cross-domain attack and defense: For a digitized urban railway system, with its many components that span a large geographic area in the physical domain and interconnect with each other in the cyber domain, attack and defense can manifest in multiple stages, involving both cyber and physical actions.

Physical-domain consequences from cyber breaches: Security breaches in the cyber domain, such as falsified information or malicious control logic, can have a complicated impact on the physical domain, which is also subject to an urban railway system's underlying design features, such as fail-safe mechanisms.

The evolution of urban railway systems requires the corresponding evolution of security analysis methodologies, in particular the need for encompassing a systematic cyber-physical perspective.
In particular, we find that in the CBTC example, the Failure Modes, Vulnerabilities and Effects Analysis (FMVEA) approach [4], which originates from the safety engineering domain, provides a convenient starting point, since the primary concern in train signaling is avoiding “hazards” such as train collisions or derailments, regardless of whether they are caused by cyber or physical means. In summary, we analyze the cyber-physical security implications of the ongoing evolution of urban railway systems, present analysis results obtained from two different methods, and use them as concrete references to discuss the way to move forward.

1.2. Cryptographic methods of information security in railway transport

Nowadays in railway applications, given the high Safety Integrity Level (SIL) required of interlocking and communication systems, the safety of subsystems cannot be demonstrated by tests only, but must also be demonstrated by theoretical models based on quantitative analysis [5]. A further negative influence is that a generally accepted theoretical apparatus for risk analysis and safety level evaluation, which would make the whole process of safety consideration objective, is missing. Mutual exchange of information supports the view that safety certification should be unified, which would minimize problems through mutual acceptance of assessment results.

The origin of the problem is that individual European countries developed philosophically different signaling and interlocking systems. These systems have been developed basically at the national level with different types of signals and devices. Today it is very difficult to harmonize these devices.
Developing the uniform ETCS (European Train Control System) in Europe can solve these problems in the future, although implementation of a particular ETCS application level depends on the economic situation in each European country [6]. Application level ETCS L2 assumes communication across the GSM-R (Global System for Mobile - for Railway) network and the Euroradio communication protocol, which contains some cryptographic mechanisms for maintaining integrity and for authentication procedures between railway transport entities, e.g. communication between the OBU (On Board Unit) in the train and the RBC (Radio Block Centre), and communication between RBC and RBC [5].

Several parts of the cryptographic systems within ETCS are still in the phase of evolution and discussion. Because cryptography and the related cryptanalysis are very dynamically developing disciplines, several cryptographic algorithms recommended in the Euroradio system are no longer computationally safe (not resistant against existing attacks) [7]. Therefore it is necessary to create a methodology for the safety evaluation of cryptographic algorithms and cryptographic modules, to determine the computational safety of the recommended cryptographic mechanisms, to consider their selection and, in addition, to propose a KMS (Key Management System) for these algorithms. In European countries the KMS is at this time in the phase of development. With respect to the interoperability of railway transport in European countries, these procedures and conventions must be solved in cooperation with the railway companies in Europe.

The reciprocal acceptance of safety appraisal results for interlocking and communication systems brings considerable financial savings and significantly shortens the deployment of new systems into railway operation (the necessary requirement for interlocking system implementation is a positive result of the safety appraisal).
In addition, more suitable conditions are created for the penetration of these systems into third-party countries (a reference that the safety of the systems has been accepted by the organizations of several countries acts positively). These rules are also valid for a specific part of safety-related systems, namely communication.

It is well known that standards for the commercial sphere (e.g. the financial sector, company information systems, ...) exist, but for applications of cryptography with an increasing safety integrity level a methodology for safety evaluation is absent. For example, the FIPS 140-2 [8] standard is applicable to all federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems. For the safety evaluation of cryptographic modules, methods based on quantitative analyses are recommended, in contrast to the approach applied in the commercial sphere, where the methods are based on qualitative analyses. According to the standard FIPS PUB 140-2, cryptographic modules are divided into four qualitative levels:

Security Level 1 – provides the lowest level of security. No specific physical security mechanisms are required in the cryptographic module beyond the basic requirement for production-grade components.

Security Level 2 – improves upon the physical security mechanisms of a cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module.

Security Level 3 – attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module. The physical security mechanisms required are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module; a trusted channel for manipulation of critical data (B1 according to TCSEC [8]) is used.
Security Level 4 – provides the highest level of security. The physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access.

The general requirements that cryptographic techniques must fulfil are described in the norm EN 50159 [9].

2. Requirements for Cryptography Mechanisms within Safety Critical Applications

Cryptographic techniques are recommended for safety-related applications (e.g. a safety-related control system in railway transport) if malicious attacks within the open transmission network cannot be ruled out. This is usually the case when safety-related communication uses a public network, a radio transmission system or a transmission system with connections to public networks. Cryptographic techniques can eliminate masquerade of messages. Cryptographic techniques can be combined with the safety encoding mechanism or provided separately. The degree of effectiveness of a cryptographic mechanism depends on the strength of the algorithms and the secrecy of the keys.

According to the norm for railway applications [9], the safety case shall demonstrate the appropriateness of the following:
- technical choice of cryptographic techniques (performance of the encryption algorithm, key characteristics),
- technical choice of cryptographic architectures (checking the correct functioning, before and during the operational phase, of the cryptographic processes when they are implemented outside the safety-related equipment),
- management activities (production, storage, distribution and revocation of confidential keys).

The cryptographic algorithm shall be applied to all user data and may be applied over additional data that is not transmitted but is known to the sender and the receiver (implicit data). The basic principle of safety-related communication between two pieces of safety-related equipment, SRE 1 and SRE 2, is illustrated in Fig. 1.
The additional safety layer, certified at the required safety integrity level (SIL), must be implemented within the safety-related equipment. It is the layer of safety-related transmission in which two mechanisms are implemented: the safety mechanism, a safety code for the elimination of unintentional attacks caused by EMI (Electromagnetic Interference), and the access protection layer, which is realized with the use of a cryptographic code or cryptographic techniques. This layer can be a component part of the safety-related equipment or can be applied at the input point to untrusted transmission systems. According to the norm [10], for safety-related communication across an open transmission system in which unauthorized access to the system cannot be eliminated, a block cipher based on a secret key (message structure model B0) or a cryptographic code (message structure model B1) is highly recommended within the access protection communication layer.

Fig.1: Location of cryptographic module within communication between two safety-related equipment

3. Result of Error Probability Determination with Application to Euroradio Protocol

The average error probability of the cryptographic code word was determined for a combined communication system, which consists of the safety code and the cryptographic code MAC (Message Authentication Code) [12]. The formal notation of the MAC calculation is:

$\mathrm{MAC} = C_{K_c}(M)$ (12)

where $M$ is the message, $K_c$ is the shared key and $C$ represents the ciphering operation. This alternative cryptographic technique is well recommended for use in the Euroradio safety layer of the communication protocol within the ETCS system developed for railway applications in Europe. This cryptographic code is recommended to be applied in CBC (Cipher Block Chaining) mode as CBC-MAC, which improves the safety of the algorithm [13].
CBC-MAC is based on the 3-DES block cipher, which enciphers blocks of length k = 64 bits using secret keys of length 168 bits and is used in security procedures ensuring message authentication and integrity during transmission. Let us assume that the safety code is an error-detecting cyclic linear block code working on the principle of CRC (Cyclic Redundancy Check), CRC-16. Further we assume that the probability of an undetected error of a code word is $P_w = 2^{-16}$ (according to the norm [9], the so-called worst case). The ensemble-average cryptographic word error probability $P_{cw}$ was determined according to relation (10). The results of $P_{cw}$ for different lengths of the code word at the input of the ciphering encoder (k = 64, 128, 192, 256) and different lengths of the input plaintext ($n = 1\cdot10^4, 5\cdot10^4, 1\cdot10^5, 5\cdot10^5, 1\cdot10^6, 5\cdot10^6$) are illustrated in Tab. 1 and Tab. Graphical results of $P_{cw}$ as a function of the input bit stream of plaintext n, for a constant length of code words at the input of the cryptographic decoder, are illustrated in Fig. 3. The graph in Fig. 4 shows how $P_{cw}$ changes with the code word lengths k = 64, k = 128 and k = 256 at the input of the cryptographic encoder.

Tab.1: Result of the average error probability with using cryptography code in accordance with parameter n.

Fig.3: Caption example

Tab.2: Result of average error probability with using cryptography code in accordance with parameter k.

Fig.4: Average error probability of the cryptography code in dependence on k.

This simulates replacing the cryptographic algorithms DES or 3-DES with AES (Advanced Encryption Standard), a block cipher that is today resistant to known cryptanalytic attacks, for a constant plaintext length $n = 10^4$.

1.3. Methods of technical protection of information security in railway transport

ERTMS DEFINITION AND ARCHITECTURE

The European Rail Traffic Management System (ERTMS) is a single European signalling and speed control system that ensures interoperability of the railway systems, with the aim of reducing the purchasing and, possibly, maintenance costs of the signalling systems. In some cases it can also increase the speed of trains and the capacity of infrastructure.

1.3.1 picture. The main chart of railway transport systems

The main added benefit of ERTMS is to allow interoperability, stepping away from the installation of diverse trackside systems requiring the corresponding distinct on-board systems. ERA plays the role of system authority for ERTMS. In that respect, it establishes a transparent process to manage, with the contribution of the sector's representatives, any system changes.

ERTMS comprises the European Train Control System (ETCS), i.e. a cab-signalling system that incorporates automatic train protection, the Global System for Mobile communications for Railways (GSM-R) and operating rules. More specifically:

ETCS (European Train Control System). The signalling element of the system, which includes the control of movement authorities, automatic train protection and the interface to interlocking in a harmonised way.
- It allows the stepwise reduction of complexity for train drivers (automation of control activities)
- It brings trackside signalling into the driver's cabin
- It provides information to the on-board display
- It allows for permanent train control
- The train driver concentrates on core tasks.

GSM-R (Global System for Mobiles - Railway).
The telecommunication network offers both a voice communication service between driving vehicles and line controllers and a bearer path for ETCS data. It is based on the public standard GSM with specific railway features for operation, e.g.
- Priority and Pre-emption (eMLPP)
- Functional Addressing
- Location Dependent Addressing
- Voice Broadcast Service (VBS)
- Voice Group Call (VGC)
- Shunting Mode
- Emergency Calls
- Fast call set-up.
General Packet Radio Service (GPRS option) can also be used in GSM-R networks to offer more data possibilities.

ETML (European Traffic Management Layer). The operation management level is intended to optimise train movements by the "intelligent" interpretation of timetables and train running data. It is expected to involve the improvement of
- real-time train management and route planning
- railway node fluidity
- customer and operating staff information across international railway networks.

The following illustration provides an overview of the main ERTMS equipment and its interconnections.

1.3.2 picture. Basic components of ERTMS

ERTMS has two basic components:
- ETCS, the European Train Control System, is an automatic train protection system (ATP) to replace the existing national ATP systems;
- GSM-R, a radio system for providing voice and data communication between the track and the train, based on standard GSM using frequencies specifically reserved for rail application with certain specific and advanced functions.

ERTMS aims at replacing the different national train control and command systems in Europe. The deployment of ERTMS will enable the creation of a seamless European railway system and increase European railway's competitiveness. ERTMS is a standardised solution with an architecture defined in the Control Command and Signalling Technical Specifications for Interoperability (CCS TSI).
However, maintenance tools and the external interfaces (interlocking, maintenance system, traffic management system (TMS), etc.) are open and depend on the chosen system supplier. More and more systems allow remote access through maintenance tools to the radio block centre (RBC), GSM-R, etc., increasing the associated risks and widening the attack vector. More and more information management systems (IMS) require global connected systems to improve the performance and provide new services to passengers.

2. Development of a method of information security in railway transport

Based on the analysis of existing methods and tools to ensure information security in fiber-optic communication lines, an optoelectronic method has been developed against modern technical means of unauthorized acquisition of information in the optical fiber communication system. The method consists of the following.

Into the optical fiber communication line over which the information signal is transmitted, the receiving side emits a noise optical signal. In this way, a mixed signal consisting of the information signal and the noise signal is formed on the fiber-optic communication line. Therefore, in the case of unauthorized acquisition of information from any part of the fiber-optic communication line, the signal received by a malicious person is the mixed signal, and the unknown features of the noise signal prevent the information signal from being separated from it. On the receiving side of the optical fiber communication line, the noise signal in the mixed signal is compensated by a noise signal identical to the one emitted into the line.
To do this, in the transmitting part of the optical fiber communication line, the transmitted signal $u_c(t)$ is converted into optical radiation $p_c(t)$ and focused at the input of an optical fiber communication line that has two outputs. The information signal carried by the optical radiation travels along the entire length of the fiber optic line and is focused on the sensitive area of the radiation receiver at the first output. An optical noise signal $p_m(t)$ is applied at the second output on the receiving side of the fiber optic line and propagates along the entire length of the line in the direction opposite to the information signal. In this case, the total optical signal acts on the sensitive area of the radiation receiver:

$p_{fqq}(t) = p_s(t) + p_{sh}(t)$ (3.1)

A photoelectric signal is generated at the output of the radiation receiver according to the expression:

$u_{fqq}(t) = u_s(t) + u_{sh}(t)$

where $u_s(t)$ is the information signal at the output of the radiation receiver and $u_{sh}(t)$ is the noise signal at the output of the radiation receiver.

To compensate for the noisy electrical signal, a phase-inverted noisy electrical signal from the output of the noise signal source is added to the mixed electrical signal in expression (3.2). Then we have the expression

$u_{fqq}(t) = u_s(t) + u_{sh}(t) - u_{sh0}(t)$

where $u_{sh0}(t)$ is the phase-inverted noisy electrical signal. Based on the condition $u_{sh}(t) = u_{sh0}(t)$,

$u_{fqq}(t) = u_s(t)$

Thus, the noisy electrical signal in the total mixed electrical signal is fully compensated.

The developed optoelectronic method is adopted for the transmission of digital information signals along the fiber-optic communication line, as well as analog information signals. In this case, analog as well as digital noise signals, and even quantum cryptography without secret key transmission, were adopted as the noise signal.
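The compensation condition $u_{sh}(t) = u_{sh0}(t)$ can be checked numerically. The Python simulation below is an added example, not code from the dissertation: the on-off keyed information signal, the uniform noise model, the simple threshold detector at the tap and all function names are assumptions made for illustration. It compares the bit error rate of the legitimate receiver with that of a tap on the line, and shows what happens when the compensation is imperfect or the noise is too weak.

```python
import random


def masking_noise(n, amplitude, rng):
    """Noise samples u_sh, known only to the receiving side (assumed uniform)."""
    return [rng.uniform(0.0, amplitude) for _ in range(n)]


def mix(signal, noise):
    """Signal present on the line: u_s(t) + u_sh(t)."""
    return [s + w for s, w in zip(signal, noise)]


def compensate(mixed, noise_ref, gain=1.0):
    """Receiver output u_s + u_sh - u_sh0, where u_sh0 = gain * noise_ref.

    gain = 1.0 models the ideal condition u_sh = u_sh0; any other value
    models an amplitude mismatch in the phase-inverted branch.
    """
    return [m - gain * w for m, w in zip(mixed, noise_ref)]


def decide(samples, threshold):
    """Threshold detector: 1 if the sample exceeds the threshold, else 0."""
    return [1 if x > threshold else 0 for x in samples]


def bit_error_rate(sent, received):
    return sum(a != b for a, b in zip(sent, received)) / len(sent)


def run_link(n_bits=20000, amplitude=8.0, gain=1.0, seed=2023):
    """Simulate one transmission; all parameters are constructed sample values."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n_bits)]   # u_s: levels 0 and 1
    noise = masking_noise(n_bits, amplitude, rng)        # u_sh
    line = mix(bits, noise)                              # what a tap observes

    # Legitimate receiver: subtracts its own copy of the noise, then decides.
    receiver = decide(compensate(line, noise, gain), 0.5)

    # Tap: sees only the mixed signal, so it can only place a threshold
    # halfway between the two mean levels (amplitude/2 and amplitude/2 + 1).
    tap = decide(line, amplitude / 2 + 0.5)

    return {
        "receiver_ber": bit_error_rate(bits, receiver),
        "tap_ber": bit_error_rate(bits, tap),
    }


if __name__ == "__main__":
    print("ideal compensation :", run_link())
    print("10% gain mismatch  :", run_link(gain=0.9))
    print("weak masking noise :", run_link(amplitude=0.5))
```

With ideal compensation the receiver recovers every bit while the tap is close to guessing; a 10% amplitude mismatch in the compensating branch already produces receiver errors, and noise weaker than the signal swing gives the tap error-free reception, so both the noise level and the accuracy of compensation are design parameters of the method.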
Therefore, the secret key of quantum cryptography is formed and used in the receiving part of the fiber-optic communication line. The secret key of quantum cryptography may also be randomly generated by a secret key generator.

The block diagram of one of the devices that can serve as a modern technical tool implementing the optoelectronic method of combating unauthorized acquisition of information on the fiber-optic communication line is shown in Figure 3.1. The device works in the following order: the microphone Mik1 converts the speech signal into an electrical signal, which is amplified by the microphone amplifier TChK1 and passed to the first speech-signal radiation source SNM1. As a result, SNM1 emits a light flux of sufficient intensity whose law of variation follows that of the speech signal. The radiation generated by SNM1 is focused at the entrance of the fiber-optic communication line OTAL1; this light flux travels a certain distance and falls on the light-sensitive area of the first radiation receiver NQQ1. The electrical signal at the output of the first radiation receiver is then amplified by the first photoelectric amplifier FK1 and passed to one of the inputs of the first summator SUM1; the resulting signal is passed to the input of the first power amplifier QK1, whose amplified output is fed to the input of the first speaker DG1. As a result of the combination of the two components of the optical signal, the received signal becomes almost indistinguishable. To isolate the information signal, a noisy electrical signal from the opposite-phase output of the first interference generator XG1 is applied to the second input of the summator SUM1. In this case, the noisy signals arriving at the two inputs of the summator are in opposite phase.
As a result, the electrical noise signals entering the first and second summator inputs compensate each other, and the summator output carries an information electrical signal free of noise that corresponds to the electrical signal at the output of the first microphone. While the information circuit is operating, a listening device EQ1 attached to any section of the fiber-optic line cannot separate the information signal from the combined signal, because of the noise signal present in the optical signal [14]. In this way, the information transmitted on the fiber-optic communication line is protected. The mode of operation of the second channel of the developed device is similar to that of the first channel.

2.1. Development of a coded interference method to ensure information security in railway transport

Modern railways have moved a long way from the slow, noisy, polluting operation and poor safety record of their earlier ancestors and now offer speed, comfort, convenience and enhanced safety approaching those of air travel. This is largely driven by the incorporation of many modern innovations into the infrastructure, rolling stock and operations, comprising advanced on-board and trackside computing, high-speed communications, energy-efficient traction systems and new track materials. These evolutionary changes have rendered railways a highly attractive mode of transportation in today’s world.

The systematic safety assurance of a product, system or process (PSP) requires the consideration of key activities at each phase of development and deployment. This is referred to as the life-cycle perspective and constitutes the backbone of most standards and codes of practice. The generic PSP safety life-cycle comprises 12 phases as follows:

1. Concept Definition
2. Detailed Definition and Operational Context
3. Risk Analysis and Evaluation
4. Requirements (including Safety Requirements) Specification
5. Architecture and Apportionment
6. Design and Implementation
7. Manufacture/Production
8. System Integration
9. Validation
10. Acceptance
11. Operation, Maintenance and Performance Monitoring
12. Decommissioning

The life-cycle concept constitutes the backbone of systems engineering practice and of most system safety processes, standards and codes of practice. It exists in a variety of forms and detailed stages depending on the source. One old reference from railway safety standards [1,2] depicts this as a 12–14 phase process by separating many of the later stages, such as monitoring and modification, into distinct phases as depicted.

[Figure: System Safety Life-cycle According to CENELEC Standards]

The question of perspective and level is quite fundamental to understanding the system, its constituents, the topology, interfaces and dynamic behaviour. The so-called ‘top-level’ system perspective is a vision and representation that includes four classes of constituents, namely: people, comprising users, operators, suppliers and the public (the latter category is relevant to safety and security issues), sometimes referred to as stakeholders; the control and automation system, which performs functions based on embedded logic and algorithms in machines of a mechanical, electro-mechanical or electronic nature; the infrastructure that supports the functioning of the system, which includes supporting systems and the host environment that surrounds the system, including the energy supply, major interfaces with neighbouring or supporting systems/sub-systems, etc.; and the processes and rules that govern the interactions between people, automation and the infrastructure. These are a broad range of operational, legal, commercial and emergency response conventions that create a common understanding for all system stakeholders.
The socio-economic setting within which a system is realized and operated can also be considered a part of the environmental rules and constraints that influence the functions and behaviours of the system. A general view of the broad system composition is depicted as the so-called top-level system perspective.

In the life-cycle perspective, especially the one depicted above, the specification of requirements, including the safety requirements, commences in phase 4 of the system life cycle. In practice this is unrealistic and untrue. Most system requirements, and indeed some high-level safety requirements, are known at the start of the life cycle. These are broadly derived from a number of sources comprising:

1. Past experience of similar or reference systems,
2. Customer and stakeholder expectations,
3. Contractual documents,
4. Operational principles known in the domain and derived or represented in the concept of operation (ConOps),
5. Regulations, standards, rules and codes of practice.

It is worth noting therefore that the system performance requirements are not strictly a matter for a specific time or phase in the life cycle and can predate the system. It is also an evolutionary and iterative process that gains more detail the further development moves down the life-cycle phases. The derivation of system level requirements (SLR) is depicted some results.

2.2. Device for information security in railway transport

The networks used in the railway domain are usually heterogeneous, insufficiently protected and not suited to the usual cyber security requirements in terms of sustainability, protection and attack detection. Furthermore, the quick evolution of the telecommunication means, the threats and the sustainability aspects have to be taken into account in order to protect the railway system. Through the SmartRaCon consortium, Railenium is an Associate Member on Innovation Programme (IP) 2 of the Joint Undertaking Shift2Rail.
The activities on IP2 started through the X2Rail-1 project, which deals with the start-up activities for Advanced Signalling and Automation System. In particular, Work Package (WP) 8 deals with the Cyber Security issues. The paper presents the first contributions of Railenium on WP8, which can be divided into three main aspects dealing with the Cyber Security of the wireless part of the railway communication system: detection, decision and Human-in-the-Loop. Part of the work will be devoted to the development of an Open Pluggable Framework (OPF). The OPF is a software framework based on automation principles. It monitors the environment, then some algorithms detect abnormal behaviours; next, the OPF decides which reaction to take and finally applies this action (e.g. an alarm or a reconfiguration).

The first part of the work deals with the development of generic detection solutions able to detect different types of cyber-attacks targeting different levels of the network stack. The detection algorithms will be implemented on Software Defined Radio (SDR) cards in order to provide hardware probes monitoring the physical layer. Software probe solutions will then be developed to monitor activities on the other levels of the network stack for different network protocols. The output of these probes will be injected into the OPF, which constitutes the monitoring architecture.

The second part of the work consists in investigating the use of adaptive classification algorithms for the detection and identification of attacks. This would make it possible to: (1) detect unknown (new) internal and external threats and intrusions, (2) build models with incomplete knowledge about the normal and safe modes, (3) adapt the built models to the evolving behaviours of attackers attempting to break the security rules.
In such a system, some basic rules are coded at the first initialisation of the system, and the attack detection system then monitors and analyses any kind of possible drift in the behaviour of the operator in order to detect and localize further attacks more precisely.

Finally, the human factor has to be addressed in the risk analysis. This consists in assessing the abilities of the professional human driver and of the CTC (Central Traffic Control) supervisor to react to (simulated) cyber-attacks, or to their consequences, in a realistic simulator, by reproducing scenarios involving humans and analysing their behaviours and their abilities to detect and to mitigate the threats. Then, the method will look for strategies, indicators and devices useful for human countermeasures. More generally, the work consists in improving human detection and recovery and enhancing their system resilience.

Given the rapid evolution of telecommunication and cyber threats, the railway sector has a double concern: to evolve in order to improve its services, and to protect itself in order to continue to guarantee its safety. As part of the X2Rail-1 project, Cyber Security is being considered through the design of an Open Pluggable Framework (OPF), which is responsible for managing surveillance data, decision-making functions and activation of adapted countermeasures. Work in progress is based on accurate analyses of the impacts of attacks on different communication standards. This work aims at identifying the most relevant parameters to be monitored for detecting and classifying the attacks.

As the prospective investments in technical and technological modernisation of railway traffic are limited, greater traffic rationality and efficiency in the following development period should primarily rely on organisational improvement and business promotion of the railway company.
One of the ways to reach these goals is a more market-oriented railway policy which makes allowance for the need to adapt to the specific requirements of the domestic and international transport services market in terms of scope, type and quality of services rendered, which will at least reduce irrational behaviour within the traffic system and help stabilise the national economy as well as bring certain income in the process [15]. The follow-up of market requirements, relations and changes and the efficiency in mobilising internal potentials require the availability of certain information. Considering the importance of such information, its flow, processing, use and storing cannot be left to inertia and chance. Instead, it should be purposefully organised within an appropriate information system [1]. This is vital for ensuring access to the right kind of information for successful planning and market-oriented business policy and thereby for efficient and rational operation of the entire management and information system.

In this case the solution to a decision-making process will be well-defined and the output decision will be automatically determined through the input of data into the programmed problem-solving model. Software of this kind, in which only quantitative data are entered into the problem-solving model and the outgoing solutions are produced by firmly defined algorithms, consists of conventional computer applications. Such software products do not possess any "knowledge of their own" which would be capable of modelling and finding solutions to problems. There are far more decision-making problems whose solving process can be only partly presented by means of algorithms, either as a result of their poor efficiency or because the problems are inadequately articulated [16]. Such problems can only be solved by experts in specific problem situations who use their expertise gained through training and working experience.
Owing to the continuous progress made in computer technology, expertise can today be stored in the computer by means of artificial intelligence techniques.

The basic working plan of the Croatian Railways is the timetable regulating the organisation of passenger and freight transport. Consequently, all decisions are directly or indirectly related to it or its constituent elements. These decisions are made on strategic, tactical and operative levels within various time limits set for their implementation. The time dimension and the framework of strategic decision-making can be best presented by the creation of the basic working plan of the Croatian Railways, that is, the timetable prepared on a yearly basis. Various activities (traffic, train traction, civil engineering, electrical engineering), their co-ordination, the capacity to carry out assigned tasks, and the defined development and business policy all constitute a functional whole. Defining the required availability of traction and driving vehicle's infrastructure, staff, organisation and technology of passenger and freight train traffic are basic prerequisites for an operable railway traffic system. The proper co-ordination of well-formed decisions will ensure the required technical facilities and staff support in transportation, whereas the well-run organisation and operational technology of passenger and freight trains will meet market demands for railway transport services [17]. Over the one-year timetable period various factors will appear which will interfere in the implementation of some elements of the timetable. Everyday influences, above all the uneven flow of passenger or freight traffic and the need to maintain infrastructure facilities, will be dealt with through operational decisions at the level of particular services or organisational units.
The day-to-day planning of the freight transport is the best example of how operational decisions are made within a given time framework, with maximum allowance being made for all relevant parameters materialised within the annual timetable.
2.3. Evaluate the effectiveness of the coded interference method to ensure information security in railway transport

To provide safe, dependable, and efficient transportation service, a rail transport operator needs to coordinate dozens of different systems, including, e.g., the railway signalling system, fire detection/suppression system, ventilation system, traction power system, passenger information system, and fare collection system. The increasing reliance of such systems on ICT introduces cyber security risks with complex cyber-physical implications, as exemplified by the two scenarios we describe next.

The train control/railway signaling system is a safety-critical system that lies at the core of a railway infrastructure. It can be implemented in diverse forms: from a purely manual form as in the early days, to a fully automatic form as in the communications-based train control (CBTC) systems that serve many cities today. Traditionally, fixed block signaling is used, where the track is divided into physical sections, and no more than one train is allowed in each section. Today’s urban railway systems increasingly use a moving block design, which gets rid of the fixed blocks so that the block locations and lengths can be dynamically changed according to train location, weight and speed.
One primary advantage of a moving block system is that the spacing between trains is reduced, allowing for higher capacity for transit operators. Broadly speaking, a CBTC system consists of train-borne systems, wayside systems, and a central management system, which are all connected continuously through high-speed data communication networks, as shown in the left subfigure of Fig. 1. They implement automatic train protection (ATP), automatic train operation (ATO), and automatic train supervision (ATS) functions [1]. The right subfigure of Fig. 1 shows a simplified data flow diagram for some key CBTC operations. The train determines its position and speed based on data from onboard sensors (tachometer, Doppler) and data from the absolute position reference (APR) beacons located on the track. It submits train data (including position and speed) via the radio-based communication link to the wayside system, which is further connected with the central ATS system located at the operations control center (OCC). Many CBTC systems also include auxiliary wayside systems (AWS), which implement auxiliary functionalities (e.g., interlocking) that can provide a “fall-back” signaling system if some other CBTC components become faulty.

Cyber-physical challenges for analyzing CBTC’s security risk. By using radio-based digital transmission (instead of track circuits) to determine train location and perform train-trackside data communications, CBTC can increase the capacity, reduce the amount of wayside equipment needed, and improve the reliability. However, the new digital elements in CBTC (the passive APR beacons that provide accurate localization to trains, the train-borne and wayside systems that implement control logic in software, the radio-based communication system, and the central ATS at the OCC) all present potential new attack surfaces.
These components are interconnected, and engineered with various safety-enhancing mechanisms, e.g., physical access control, redundant data sources and networks, and fault-response procedures. This complexity makes it challenging to analyze the security level of such a system [2]. In particular, an attacker can start from a physically less protected component (e.g., devices used by system maintenance staff), exploit a series of system vulnerabilities to compromise more critical ones, along the way leveraging or bypassing various safety-enhancing mechanisms, and finally use the compromised critical components to cause physical consequences.

The complicated coupling of different systems in an urban railway can lead to security implications with cascading effects. For example, while the public address (PA) or public information display (PID) systems do not directly impose safety issues, abusing those systems can potentially lead to overcrowding, which could indirectly impact the passengers’ safety. Also, for a rail transit operator, there are important non-safety-related security concerns: for example, whether an attack will cause interruption or degradation of service, leakage of information, loss of fare revenue, or damage to their reputation. This is the focus of our second risk scenario.

Traditionally in public transit systems, the operators at the operations control center and individual train stations broadcast traffic update information to commuters via the PID and PA systems. Beyond ordinary information such as train arrival times, those systems are also used to inform commuters of incidents, delays and even the crowdedness of certain routes, to advise them on alternative routes and means of transportation. Recently, urban rail systems have started to extend such information updates to mobile apps installed on commuters’ mobile devices (e.g., [3] [4]). For simplicity, we call them PID apps in this paper.
PID apps can also push messages to end users regarding specific incidents, enabling commuters to plan adjustments to their route ahead of time. However, such extended PID or PA channels could be misused. Information and communications technologies (ICT) play a vital role in helping railway operators improve their system safety and service reliability, provide higher transit capacity, and keep the costs of building, operating, and maintaining their infrastructure in check. For example, many urban transportation systems around the world have deployed some form of communications-based automatic train control. In those systems, multiple cyber components, including wireless communication, software defined control logic, and near-real-time data visualization at control centers, have been introduced to replace their conventional physical counterparts. As another example, with smart phones becoming ubiquitous, transit operators are introducing mobile apps to provide consumers with information about train schedules, as well as push notifications about emergency events or other relevant information. While the benefits of digitizing urban railway systems are obvious, the potential implications of this evolution could be multi-faceted and profound, especially when it comes to the issue of security. For older railway systems, where train protection is based on track circuits and mechanical relay signaling, the security concerns reside primarily in the physical domain. In comparison, the ICT components used in newer automatic train control systems expose additional cyber-attack surfaces, which could allow sophisticated attackers to combine cyber-attack vectors with physical attack means to achieve malicious goals. This makes it difficult to assess the security of digitized urban railway systems using traditional approaches (e.g., safety analysis methods) that are most familiar to transit operators and other stakeholders. 
At the same time, security analysis approaches used in other ICT systems (e.g., enterprise networks) are also not readily applicable to urban railway systems, since cyber components can have complicated interactions with the physical assets, or even passengers (e.g., with a false notification through a mobile app). In this work, we take a close look at two concrete examples of cyber-intensive systems used in urban railway environments, a communications-based train control (CBTC) system and a mobile transit information app, and use them to analyze the cyber-physical security challenges introduced by the digitization of urban railway systems. At the high level, we identify two key challenges:

Cross-domain attack and defense: For a digitized urban railway system, with its many components that span a large geographic area in the physical domain and interconnect with each other in the cyber domain, attack and defense can manifest in multiple stages, involving both cyber and physical actions.

Physical-domain consequences from cyber breaches: Security breaches in the cyber domain, such as falsified information or malicious control logic, can have a complicated impact on the physical domain, which is also subject to an urban railway system’s underlying design features, such as fail-safe mechanisms.

The evolution of urban railway systems requires the corresponding evolution of security analysis methodologies, in particular the need for encompassing a systematic cyber-physical perspective. In particular, we find that in the CBTC example, the Failure Modes, Vulnerabilities and Effects Analysis (FMVEA) approach [18], which originates from the safety engineering domain, provides a convenient starting point, since the primary concern in train signaling is avoiding “hazards” such as train collisions or derailments, regardless of whether they are caused by cyber or physical means.
In summary, we analyze the cyber-physical security implications of the ongoing evolution of urban railway systems, present analysis results obtained from two different methods, and use them as concrete references to discuss the way to move forward.

Nowadays in railway applications, given the high Safety Integrity Level (SIL) required of interlocking and communication systems, the safety of subsystems cannot be demonstrated by tests alone, but must also be demonstrated by theoretical models based on quantitative analysis. A further negative influence is that a generally accepted theoretical apparatus for risk analysis and safety level evaluation, which would make the whole process of safety consideration objective, is missing. Reciprocal exchange of information leads towards the unification of safety certification, and reciprocal acceptance of appraisal results minimizes the problems. The problem originates in the fact that the individual countries of the European area developed philosophically different signaling systems and interlocking systems. These systems were developed basically at the national level, with different types of signals and devices. Today it is very difficult to harmonize these devices. Developing the uniform ETCS (European Train Control System) in Europe can solve these problems in the future, although implementation of a particular ETCS application level depends on the economic situation in the individual European country. Application level ETCS L2 assumes communication across the GSM-R (Global System for Mobile - for Railway) network and the Euroradio communication protocol, which contains some cryptographic mechanisms for preserving integrity and for the authentication procedures of railway transport entities, e.g. communication between the OBU (On Board Unit) in the train and the RBC (Radio Block Central) and communication between RBC and RBC. Several parts of the cryptographic systems within ETCS are still in the phase of evolution and discussion.
Because cryptography is a very dynamically developing discipline, and in view of the related cryptanalysis of the recommended cryptographic algorithm, the Euroradio system is in several respects not computationally secure at present (not resistant to existing attacks) [6]. Therefore it is necessary to create a methodology for the safety evaluation of cryptographic algorithms or cryptographic modules, to determine the computational security of the recommended cryptographic mechanisms, to consider their selection and, in addition, to propose a KMS (Key Management System) for these algorithms. In European countries the KMS is at present in the development phase. With respect to interoperability in railway transport in European countries, these procedures and conventions must be resolved in cooperation with the railway companies in Europe [19].

The reciprocal acceptance of the safety appraisal results of interlocking and communication systems brings considerable financial savings and significantly shortens the deployment of new systems into railway operation (the necessary requirement for interlocking system implementation is a positive result of the safety appraisal). In addition, more suitable conditions are created for the penetration of these systems into third-party countries (the fact that the safety of the systems has been accepted by the organizations of several countries acts as a positive reference). These rules are also valid for a specific part of safety-related systems, namely communication. It is well known that standards exist for the commercial sphere (e.g. the financial sector, company information systems, ...), but for applications of cryptography with an increasing safety integrity level a methodology for safety evaluation is absent. For example, the FIPS 140-2 standard is applicable to all federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems.
For the safety evaluation of cryptographic modules, methods based on quantitative analysis are recommended, in contrast to the approach applied in the commercial sphere, where the methods are based on qualitative analysis. According to the FIPS PUB 140-2 standard, cryptographic modules are divided into four qualitative levels:

Security Level 1 - provides the lowest level of security. No specific physical security mechanisms are required in the cryptographic module beyond the basic requirement for production-grade components.

Security Level 2 - improves upon the physical security mechanisms of a cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module.

Security Level 3 - attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module. The physical security mechanisms required are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module; a trusted channel for manipulation of critical data (B1 according to TCSEC [8]) is used.

Security Level 4 - provides the highest level of security. The physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access.

The general requirements that cryptographic techniques must fulfil are described in the standard EN 50159.

Mechanisms within Safety Critical Applications

Cryptographic techniques are recommended within safety-related applications (e.g. a safety-related control system in railway transport) if malicious attacks within the open transmission network cannot be ruled out.
This is usually the case when safety-related communication uses a public network, a radio transmission system, or a transmission system with connections to public networks. Cryptographic techniques can eliminate masquerading of messages. They can be combined with the safety encoding mechanism or provided separately. The effectiveness of a cryptographic mechanism depends on the strength of the algorithms and the secrecy of the keys. According to the standard for railway applications, the safety case shall demonstrate the appropriateness of the following: the technical choice of cryptographic techniques (performance of the encryption algorithm, key characteristics), the technical choice of cryptographic architectures (checking the correct functioning of the cryptographic processes, before and during the operational phase, when they are implemented outside the safety-related equipment), and management activities (production, storage, distribution and revocation of confidential keys). The cryptographic algorithm shall be applied to all user data and may be applied over additional data that is not transmitted but is known to the sender and the receiver (implicit data).

The basic principle of safety-related communication between two items of safety-related equipment, SRE 1 and SRE 2, is illustrated in Fig. 1. An additional safety layer, certified to the required safety integrity level (SIL), must be implemented within the safety-related equipment. This is the safety-related transmission layer, which implements the safety mechanism (a safety code) for eliminating unintentional influences caused by EMI (electromagnetic interference), and the access protection safety layer, which is realized with a cryptographic code or cryptographic techniques. This layer can be a component of the safety-related equipment or can be applied at the input point to untrusted transmission systems.
According to the standard [9], for safety-related communication across an open transmission system in which unauthorized access cannot be excluded, a block cipher based on a secret key (message structure model B0) or a cryptographic code (message structure model B1) is highly recommended within the access protection layer.

Determination with Application to Euroradio Protocol

The average error probability of the cryptographic code word was determined for a combined communication system consisting of the safety code and the cryptographic code MAC (Message Authentication Code). The formal notation of the MAC calculation is:

$$MAC = C_{K_c}(M) \qquad (12)$$

where $M$ is the message, $K_c$ is the shared key and $C$ represents the ciphering operation. This cryptographic technique is recommended for use in the Euroradio safety layer of the communication protocol within the ETCS system, developed for railway applications in Europe. The cryptographic code is recommended to be applied in CBC (Cipher Block Chaining) mode as CBC-MAC, which improves the safety of the algorithm [19]. CBC-MAC is based on the 3-DES block cipher, which enciphers blocks of length k = 64 bits using secret keys of length 168 bits, and is used in security procedures ensuring message authentication and integrity during transmission. The paper describes the mathematical apparatus for the error probability of a cryptographic code, which can be used in the safety evaluation of cryptographic codes used in safety-related communication in combination with a safety code. The authors assumed a CRC-16 safety code. The results are oriented to determining the average error probability of a message authentication code (MAC) based on the 3-DES algorithm in CBC mode, which is recommended for the Euroradio communication protocol in the ETCS system, assuming the effect of electromagnetic interference only.
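The combined structure described above (user data, then a CRC-16 safety code, then a CBC-MAC cryptographic code) is sketched below as an added example; it is not code from the cited paper or from the Euroradio specification. The CRC-16 parameters (CCITT-FALSE), the length prefix, the frame layout, the sample key and message, and the toy Feistel cipher standing in for 3-DES are assumptions chosen so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import struct

BLOCK = 8  # 64-bit block, the block size the text gives for 3-DES


def crc16(data: bytes, poly: int = 0x1021, init: int = 0xFFFF) -> int:
    """Safety code. CRC-16/CCITT-FALSE parameters are an assumption;
    the page only says "CRC-16"."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """Hypothetical 64-bit Feistel cipher used as C. It is NOT 3-DES and
    must not be deployed; it only gives cbc_mac() a keyed permutation."""
    left, right = block[:4], block[4:]
    for rnd in range(8):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def cbc_mac(key: bytes, message: bytes, encrypt=toy_encrypt) -> bytes:
    """MAC = C_Kc(M) in CBC mode with a zero IV; the last block is the tag.
    The length prefix is an added assumption: raw CBC-MAC is only safe for
    fixed-length messages."""
    data = struct.pack(">Q", len(message)) + message
    data += b"\x00" * (-len(data) % BLOCK)
    state = bytes(BLOCK)
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(state, data[i:i + BLOCK]))
        state = encrypt(key, mixed)
    return state


def protect(key: bytes, user_data: bytes) -> bytes:
    """Sender: user data || CRC-16 safety code || CBC-MAC cryptographic code."""
    body = user_data + struct.pack(">H", crc16(user_data))
    return body + cbc_mac(key, body)


def check(key: bytes, frame: bytes):
    """Receiver: return (safety_code_ok, mac_ok). Accept only if both hold."""
    if len(frame) < 2 + BLOCK:
        return (False, False)
    body, tag = frame[:-BLOCK], frame[-BLOCK:]
    user_data, (crc,) = body[:-2], struct.unpack(">H", body[-2:])
    mac_ok = hmac.compare_digest(cbc_mac(key, body), tag)
    return (crc16(user_data) == crc, mac_ok)


# Constructed sample values, not taken from any real system.
KEY = bytes(range(24))
MESSAGE = b"train=0042;movement_authority_end=km12.4"


def demo():
    good = protect(KEY, MESSAGE)
    # Transmission error (EMI): one bit of the user data flips in transit.
    noisy = bytes([good[0] ^ 0x01]) + good[1:]
    # Masquerade: a sender without KEY builds a frame with a valid CRC.
    fake_body = b"train=0042;movement_authority_end=km99.9"
    fake_body += struct.pack(">H", crc16(fake_body))
    forged = fake_body + cbc_mac(b"\x00" * 24, fake_body)
    return {"good": check(KEY, good),
            "noisy": check(KEY, noisy),
            "forged": check(KEY, forged)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The forged frame passes the safety code and fails only the MAC, which is why the text assigns masquerade protection to the cryptographic code and not to the CRC.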
The average error probability of the code word may change depending on the detection or correction capabilities of the safety code. In the paper the authors assume only one type of safety code, and the determination is oriented to the safety analysis of the cryptographic code. For a global safety evaluation of a cryptographic module it is necessary to create a model that describes the effects of intentional attacks on safety message transmission.

3. Methodology and system of information security in railway transport.

To provide safe, dependable, and efficient transportation service, a rail transport operator needs to coordinate dozens of different systems, including, e.g., the railway signalling system, fire detection/suppression system, ventilation system, traction power system, passenger information system, and fare collection system. The increasing reliance of such systems on ICT introduces cyber security risks with complex cyber-physical implications, as exemplified by the two scenarios we describe next. The train control/railway signaling system is a safety-critical system that lies at the core of a railway infrastructure. It can be implemented in diverse forms: from a purely manual form as in the early days, to a fully automatic form as in the communications-based train control (CBTC) systems that serve many cities today. Traditionally, fixed block signaling is used, where the track is divided into physical sections, and no more than one train is allowed in each section. Today’s urban railway systems increasingly use a moving block design, which gets rid of the fixed blocks so the block locations and lengths can be dynamically changed according to train location, weight and speed. One primary advantage of a moving block system is that the spacing between trains is reduced, allowing for higher capacity for transit operators.
Broadly speaking, a CBTC system consists of train-borne systems, wayside systems, and a central management system, which are all connected continuously through high-speed data communication networks, as shown in the left subfigure of Fig. 1. They implement automatic train protection (ATP), automatic train operation (ATO), and automatic train supervision (ATS) functions [1]. The right subfigure of Fig. 1 shows a simplified data flow diagram for some key CBTC operations. The train determines its position and speed based on data from onboard sensors (tachometer, Doppler) and data from the absolute position reference (APR) beacons located on the track. It submits train data (including position and speed) via the radio-based communication link to the wayside system, which is further connected with the central ATS system located at the operations control center (OCC). Many CBTC systems also include auxiliary wayside systems (AWS), which implement auxiliary functionalities (e.g., interlocking) that can provide a “fall-back” signaling system if some other CBTC components become faulty.

Cyber-physical challenges for analyzing CBTC’s security risk. By using radio-based digital transmission (instead of track circuits) to determine train location and perform train-trackside data communications, CBTC can increase the capacity, reduce the amount of wayside equipment needed, and improve the reliability. However, the new digital elements in CBTC (the passive APR beacons that provide accurate localization to trains, the train-borne and wayside systems that implement control logic in software, the radio-based communication system, and the central ATS at the OCC) all present potential new attack surfaces. These components are interconnected, and engineered with various safety-enhancing mechanisms, e.g., physical access control, redundant data sources and networks, and fault-response procedures. This complexity makes it challenging to analyze the security level of such a system [20].
In particular, an attacker can start from a physically less protected component (e.g., devices used by system maintenance staff), exploit a series of system vulnerabilities to compromise more critical ones, along the way leveraging or bypassing various safety-enhancing mechanisms, and finally use the compromised critical components to cause physical consequences.

The complicated coupling of different systems in an urban railway can lead to security implications with cascading effects. For example, while the public address (PA) or public information display (PID) systems do not directly impose safety issues, abusing those systems can potentially lead to overcrowding, which could indirectly impact the passengers’ safety. Also, for a rail transit operator, there are important non-safety-related security concerns: for example, whether an attack will cause interruption or degradation of service, leakage of information, loss of fare revenue, or damage to their reputation. This is the focus of our second risk scenario. Traditionally in public transit systems, the operators at the operations control center and individual train stations broadcast traffic update information to commuters via the PID and PA systems. Beyond ordinary information such as train arrival times, those systems are also used to inform commuters of incidents, delays and even the crowdedness of certain routes, to advise them on alternative routes and means of transportation. Recently, urban rail systems have started to extend such information updates to mobile apps installed on commuters’ mobile devices. For simplicity, we call them PID apps in this paper. PID apps can also push messages to end users regarding specific incidents, enabling commuters to plan adjustments to their route ahead of time. However, such extended PID or PA channels could be misused.
Information and communications technologies (ICT) play a vital role in helping railway operators improve their system safety and service reliability, provide higher transit capacity, and keep the costs of building, operating, and maintaining their infrastructure in check. For example, many urban transportation systems around the world have deployed some form of communications-based automatic train control. In those systems, multiple cyber components, including wireless communication, software defined control logic, and near-real-time data visualization at control centers, have been introduced to replace their conventional physical counterparts. As another example, with smart phones becoming ubiquitous, transit operators are introducing mobile apps to provide consumers with information about train schedules, as well as push notifications about emergency events or other relevant information. While the benefits of digitizing urban railway systems are obvious, the potential implications of this evolution could be multi-faceted and profound, especially when it comes to the issue of security. For older railway systems, where train protection is based on track circuits and mechanical relay signaling, the security concerns reside primarily in the physical domain. In comparison, the ICT components used in newer automatic train control systems expose additional cyber-attack surfaces, which could allow sophisticated attackers to combine cyber-attack vectors with physical attack means to achieve malicious goals. This makes it difficult to assess the security of digitized urban railway systems using traditional approaches (e.g., safety analysis methods) that are most familiar to transit operators and other stakeholders. 
At the same time, security analysis approaches used in other ICT systems (e.g., enterprise networks) are also not readily applicable to urban railway systems, since cyber components can have complicated interactions with the physical assets, or even passengers (e.g., with a false notification through a mobile app). In this work, we take a close look at two concrete examples of cyber-intensive systems used in urban railway environments, a communications-based train control (CBTC) system and a mobile transit information app, and use them to analyze the cyber-physical security challenges introduced by the digitization of urban railway systems. At the high level, we identify two key challenges:

Cross-domain attack and defense: For a digitized urban railway system, with its many components that span a large geographic area in the physical domain and interconnect with each other in the cyber domain, attack and defense can manifest in multiple stages, involving both cyber and physical actions.

Physical-domain consequences from cyber breaches: Security breaches in the cyber domain, such as falsified information or malicious control logic, can have a complicated impact on the physical domain, which is also subject to an urban railway system’s underlying design features, such as fail-safe mechanisms.

The evolution of urban railway systems requires the corresponding evolution of security analysis methodologies, in particular the need for encompassing a systematic cyber-physical perspective. In particular, we find that in the CBTC example, the Failure Modes, Vulnerabilities and Effects Analysis (FMVEA) approach, which originates from the safety engineering domain, provides a convenient starting point, since the primary concern in train signaling is avoiding “hazards” such as train collisions or derailments, regardless of whether they are caused by cyber or physical means.
3.1. Development of a methodology for information security in railway transport.

The basic working plan of the Croatian Railways is the timetable regulating the organisation of passenger and freight transport. Consequently, all decisions are directly or indirectly related to it or its constituent elements. These decisions are made on strategic, tactical and operative levels within various time limits set for their implementation. The time dimension and the framework of strategic decision-making can be best presented by creating the basic working plan of the Croatian Railways, that is, the timetable prepared on a yearly basis. Various activities (traffic, train traction, civil engineering, electrical engineering), their co-ordination, the capacity to carry out assigned tasks, the defined development and business policy, all constitute a functional whole. Defining the required availability of traction and driving vehicle's infrastructure, staff, organisation and technology of passenger and freight train traffic are basic prerequisites for an operable railway traffic system. The proper co-ordination of well-formed decisions will ensure required technical facilities and staff support in transportation whereas the well-run organisation and operational technology of passenger and freight trains will meet market demands for railway transport services [3]. Over the one-year timetable period various factors will appear which will interfere in the implementation of some elements of the timetable.
By choosing certain organisational and technological modalities it is possible, on the tactical level, to determine two characteristic periods of market imbalance in the demand for transport services: the summer and winter seasons. Opting for particular solution variants will optimise the supply of transport services and the costs generated by it and will also meet the market demands for transport services, which have changed as a result of new circumstances. Everyday influences, above all the uneven flow of passenger or freight traffic and the need to maintain infrastructure facilities, will be dealt with through operational decisions at the level of particular services or organisational units. The day-to-day planning of the freight transport is the best example of how operational decisions are made within a given time framework, with maximum allowance being made for all relevant parameters materialised within the annual timetable.

The expert system, the creation of which is presented here, is designed to provide support in making decisions related to planning the organisation of passenger train traffic in the area covered by the Croatian Railways and meeting the requirements of the transport services market. The factual knowledge required for solving this problem is presented in the form of a tree of attributes, the root of which is the decision attribute (concerning the rendering of new passenger traffic services). The presentation of factual knowledge is based on the technique of sets of certain "attribute-value" pairs. The technique consists in splitting the decision-making problem into several attributes (criteria), the values of which determine the outcome of the final decision. The attributes into which the decision-making problem is decomposed create the problem solution model, the so-called tree of decision-making attributes, where each attribute is a node of this tree, whereas the root of the tree structure is the solution to the decision-making problem.
3.2. Development of information security system in railway transport.

The first part of the work deals with the development of generic detection solutions able to detect different types of cyber-attacks targeting different levels of the network stack. The detection algorithms will be implemented on Software Defined Radio (SDR) cards in order to provide hardware probes monitoring the physical layer. Software probe solutions will then be developed to monitor activities on the other levels of the network stack for different network protocols. The output of these probes will be injected into the OPF, which constitutes the monitoring architecture. The second part of the work consists in investigating the use of adaptive classification algorithms for the detection and identification of attacks.
This would make it possible to: (1) detect unknown (new) internal and external threats and intrusions, (2) build models with incomplete knowledge about the normal and safe modes, (3) adapt the built models to the evolving behaviours attackers use to break the security rules. In such a system, some basic rules are coded at the first initialisation of the system, and the attack detection system then monitors and analyses any possible drift in the behaviour of the operator to detect and localize further attacks more precisely. Finally, the human factor has to be addressed in the risk analysis. This consists in assessing the abilities of the professional human driver and the CTC (Central Traffic Control) supervisor to react to (simulated) cyber-attacks, or to their consequences, in a realistic simulator, by reproducing scenarios involving humans and analysing their behaviours and their abilities to detect and to mitigate the threats. The method will then look for strategies, indicators and devices useful for human countermeasures. More generally, the work consists in improving human detection and recovery and enhancing system resilience.

Given the rapid evolution of telecommunication and cyber threats, the railway sector has a double concern: to evolve in order to improve its services, and to protect itself in order to continue to guarantee its safety. As part of the X2Rail-1 project, cyber security is being considered through the design of an Open Pluggable Framework (OPF), which is responsible for managing surveillance data, decision-making functions and activation of adapted countermeasures. Work in progress is based on accurate analyses of the impacts of attacks on different communication standards. This work aims at identifying the most relevant parameters to be monitored for detecting and classifying the attacks.
As the prospective investments in technical and technological modernisation of railway traffic are limited, greater traffic rationality and efficiency in the following development period should primarily rely on organisational improvement and business promotion of the railway company. One of the ways to reach these goals is a more market-oriented railway policy which makes allowance for the need to adapt to specific requirements of the domestic and international transport services market in terms of scope, type and quality of services rendered, which will at least reduce irrational behaviour within the traffic system and help stabilise the national economy as well as bring certain income in the process. The follow-up of market requirements, relations and changes and the efficiency in mobilising internal potentials require the availability of certain information. Considering the importance of such information, its flow, processing, use and storing cannot be left to inertia and chance. Instead it should be purposefully organised within an appropriate information system [1]. This is vital for ensuring access to the right kind of information for successful planning and market-oriented business policy and thereby for efficient and rational operation of the entire management and information system. In this case the solution to a decision-making process will be well-defined and the output decision will be automatically determined through the input of data into the programmed problem-solving model. Software of this kind, where only quantitative data are entered into the problem-solving model and the output solutions are produced by firmly defined algorithms, consists of conventional computer applications. Such software products do not possess any "knowledge of their own" which would be capable of modelling and finding solutions to problems.
There are far more decision-making problems whose solving process can be only partly presented by means of algorithms, either as a result of their poor efficiency or because the problems are inadequately articulated[22]. Such problems can only be solved by experts in specific problem situations who use their expertise gained through training and working experience. Owing to the continuous progress made in computer technology, expertise can today be stored in the computer by means of artificial intelligence techniques.

The basic working plan of the Croatian Railways is the timetable regulating the organisation of passenger and freight transport. Consequently, all decisions are directly or indirectly related to it or its constituent elements. These decisions are made on strategic, tactical and operative levels within various time limits set for their implementation. The time dimension and the framework of strategic decision-making can be best presented by creating the basic working plan of the Croatian Railways, and that is the timetable being prepared on a yearly basis. Various activities (traffic, train traction, civil engineering, electrical engineering), their co-ordination, the capacity to carry out assigned tasks, the defined development and business policy, all constitute a functional whole. Defining the required availability of traction and driving vehicle's infrastructure, staff, organisation and technology of passenger and freight train traffic are basic prerequisites for an operable railway traffic system. The proper co-ordination of well-formed decisions will ensure required technical facilities and staff support in transportation whereas the well-run organisation and operational technology of passenger and freight trains will meet market demands for railway transport services[3].

Over the one-year timetable period various factors will appear which will interfere in the implementation of some elements of the timetable.
Everyday influences, above all the uneven flow of passenger or freight traffic and the need to maintain infrastructure facilities, will be dealt with through operational decisions at the level of particular services or organisational units. The day-to-day planning of the freight transport is the best example of how operational decisions are made within a given time framework, with maximum allowance being made for all relevant parameters materialised within the annual timetable.

3.3. Development of recommendations for information security in railway transport.

Chapter 3 of my dissertation focuses on the safety of the railway system today. First of all, the security of this system is extremely important not only for public policy, but also for customers. The software also focuses on simplifying, protecting and automating the process of purchasing a train ticket. Below we get acquainted with the software product that was created and with its functions. To launch the program, hover the mouse over the program button and double-click the right button; the following window will appear. This window is the working window of the program and serves as the main interface.

3.3.1 picture. Interface of the program

The program is registered with the Uzbek Intellectual Property Agency under DGU 10558. This indicates that the program is protected by copyright. To the left of the program window are function windows. The first is a general overview of the program, while the second is directly related to the payment system.
That is, when the second window is selected, the methods of payment will appear. The customer can continue the process by choosing the payment card that is convenient for him. Here are just three examples of different types of payment cards. In addition, the customer will be able to make payments with any payment card. This is an additional feature of our program. In every operation, great attention is paid to information security. This, in turn, has a positive impact on the functioning of the railway system.

3.3.2 picture. The window in which the user can choose the method of payment

The next window shows the history of tickets purchased. Every ticket bought and sold is recorded here. Use the + button to add a new date.

3.3.3 picture. The history of purchased tickets

The last window on the left side of the next work window is for recording the customer's personal information. When this window opens, we will see a number of windows where information should be entered.

3.3.4 picture. User's information window

At the top of the window there is an inscription UzCard, which means that the customer has chosen this payment card as a type of payment during the above operations. First of all, the customer's name is written in the box named surname. When filling out such information, it is advisable to fill in the information through the client's identity documents.

3.3.5 picture. User's information window

The next step is reflected in the window above. According to it, the next box to be filled in will include the name of the client and the name of the father.
In the second row of the window, in the cells for entering information, enter the serial number of the document confirming the assignment. The next step is to specify the date and time of departure.

3.3.6 picture. Select regions window

The select regions part of the window requires a complete and accurate indication of where the flight is from, from which city to which city.

3.3.7 picture. Select regions window

When this item is completed, clicking on the button at the bottom of the window automatically saves all the information we have entered about the customer in the history of flights.

3.3.8 picture. Select regions window

Security Level 2 – improves upon the physical security mechanisms of a cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module.

In the operation of the information circuit, the hearing aid EQ1 does not allow the separation of the information signal from the common signal due to the presence of a noisy signal in the optical signal from any area of the optical fiber line. In this case, the protection of information transmitted on the fiber-optic communication line is created. The mode of movement of the second channel of the developed device is similar to the mode of movement of the first channel.

3.3.9 picture. Select regions window

Security Level 3 – attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module.
Physical security mechanisms required are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module, trusted channel for manipulation of critical data – B1 are used.

Summary

To sum up, I can say that the railway transport system in our country should be reorganized with contemporary technologies. In my dissertation work, I offer my own program, which helps to automate all of the mechanisms and manual work.

The method of information security in railway systems, which is covered in this master's dissertation, is accompanied by the creation of organizational and practical conditions to limit the unauthorized access and use of existing information. Valuable information on the analysis of the methods and means of information security in railway transport, the need, as well as the promotion of cryptographic methods of security. One of the most important requirements for modern communication systems and networks is to ensure the confidentiality of information transmission. The object of research is fiber-optic communication lines that meet the high requirements of modern telecommunications systems. Evaluation of their effectiveness in the development of methods of technical protection of information security in railway transport, the development of practical recommendations for their use. Basic characteristics of the railway system, a cryptographic method of information security in railway systems.

More than 20 publications of foreign and domestic scientists on the subject were analyzed and the results of the analysis were used to address the key issues raised in the dissertation. At present, large-scale work is being carried out in all developed countries of the world to improve the railway systems and to increase their efficiency in the transmission and processing of information. The results of the study can be used to ensure information security in railway systems and networks.
Scientific innovation consists of:
1) The modernity of the optoelectronic method of information security in railway systems is substantiated.
2) The advantages and disadvantages of methods and means of information security in railway systems are analyzed.
3) A method has been developed to prevent unauthorized access to information signals in the railway system.
4) Software has been developed to evaluate the effectiveness of protection of information on railway lines from unauthorized impact.
5) The effectiveness of the method of protection against unauthorized acquisition of information signals in the railway system was evaluated.

In the introductory part of the master's dissertation the substantiation and relevance of the topic, the goals and objectives of the research, the theoretical and practical significance of the research results, and the scientific innovations are described. Chapter I of the master's dissertation provides an analysis of methods and tools to ensure information security in railway transport. Chapter II of the master's dissertation deals with the development of a coded interference method to ensure information security in the railway system. Chapter III of the master's dissertation deals with the device of information security in the railway system. The concluding part of the master's dissertation shows the scientific and practical significance of the research results and solutions to the research problem.

In conclusion, it is clear that information security in the railway system is the most important part in our society.

References:
1. Karimov I.A. “O‘zbekiston XXI asr bo‘sag‘asida: havfsizlikka taxdid, barqarorlik shartlari va taraqqiyot kafolatlari” – T.: O‘zbekiston, 1997.
2. Karimov I.A. “Mustaqilikka erishish ostonasida” – T.: O‘zbekiston, 2002.
3. Govind P. Agrawal, “Fiber-Optic Communication Systems, 2nd ed” John Wiley & Sons, New York, 1997.
4. Donald J. Sterling, Journal “A Technician’s Guide to Fiber Optics” 3rd ed, Delmar Publishers, Albany, New York, 2000.
5. Application related aspects of optical amplifier devices and subsystems, ITU-T Res.G.663, ITU-T Geneva, October 1996.
6. Ansaldo STS, “CBTC Communication Based Train Control,” http://www.ansaldo-sts.com/sites/ansaldosts.message-asp.com/files/imce/cbtc.pdf.
7. “MyTransport.SG App,” http://www.mytransport.sg/mobile/mytransport mobile.html.
8. “Massachusetts Bay Transportation Authority Apps,” http://www.mbta.com/rider tools/.
9. C. Schmittner, T. Gruber, P. Puschner, and E. Schoitsch, “Security application of failure mode and effect analysis (FMEA),” in Proc. of the International Conference on Computer Safety, Reliability and Security (SAFECOMP), 2014.
10. EN 50129. Railway applications: Safety-related electronic systems. CENELEC, 2003.
11. EN 50126. Railway applications: The specification and demonstration of dependability, reliability, availability, maintainability and safety (RAMS). CENELEC, 2001.
12. The European Rail Traffic Management System [online]. 2010. Available at WWW: <www.ertms.com>.
13. ZAHRADNÍK, J.; RÁSTOČNÝ, K. Aplication of safety-related systems. EDIS, ŽU in Žilina, 2006. ISBN 80-8070-546-1.
14. FRANEKOVÁ, M.; KÁLLAY, F.; PENIAK, P.; VESTENICKÝ, P. Communication safety of industrial networks. ŽU in Žilina, EDIS, 2007. ISBN 978-80-8070-715-6.
15. CHRTIANSKY, P. Cryptoanalysis of block cipher used in safety-related comunication protocol. Proceedings of International Conference ELEKTRO, Žilina. May 2008, pp. 143-145. ISBN 978-80-8070-845-0.
16. FIPS 140-2. Security requirement for cryptographic modules. Federal Information Processing Standard Publication, 1994.
17. QIU, L.; ZHANG, Y.; WANG, W.; KYUNG, M.; RATUL MAHAJAN, H. Trusted Computer System Evaluation Criteria. National Computer Security Center.
18. EN 50159. Railway applications: Communication, signalling and processing systems - Safety-related communication in transmission systems.
19. ISO/IEC 9797-1:1999. Information technology – Security techniques – Message Authentication Codes (MACs) – Part 1: Mechanisms using a block cipher.
20. “MyTransport.SG App,” http://www.mytransport.sg/mobile/mytransport mobile.html.
21. “Massachusetts Bay Transportation Authority Apps,” http://www.mbta.com/rider tools/.
22. C. Schmittner, T. Gruber, P. Puschner, and E. Schoitsch, “Security application of failure mode and effect analysis (FMEA),” in Proc. of the International Conference on Computer Safety, Reliability and Security (SAFECOMP), 2014.