Visible to the public An Attack Against Message Authentication in the ERTMS Train to Trackside Communication Protocols

TitleAn Attack Against Message Authentication in the ERTMS Train to Trackside Communication Protocols
Publication TypeConference Paper
Year of Publication2017
AuthorsChothia, Tom, Ordean, Mihai, de Ruiter, Joeri, Thomas, Richard J.
Conference NameProceedings of the 2017 ACM on Asia Conference on Computer and Communications Security
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4944-4
Keywordsbirthday attack, collision attack, composability, ERTMS, euroradio, MAC forging, Metrics, pubcrawl, Resiliency, security, sybil attacks, Vulnerability
AbstractThis paper presents the results of a cryptographic analysis of the protocols used by the European Rail Traffic Management System (ERTMS). A stack of three protocols secures the communication between trains and trackside equipment; encrypted radio communication is provided by the GSM-R protocol, on top of this the EuroRadio protocol provides authentication for a train control application-level protocol. We present an attack which exploits weaknesses in all three protocols: GSM-R has the same well known weaknesses as the GSM protocol, and we present a new collision attack against the EuroRadio protocol. Combined with design weaknesses in the application-level protocol, these vulnerabilities allow an attacker, who observes a MAC collision, to forge train control messages. We demonstrate this attack with a proof of concept using train control messages we have generated ourselves. Currently, ERTMS is only used to send small amounts of data for short sessions, therefore this attack does not present an immediate danger. However, if EuroRadio was to be used to transfer larger amounts of data trains would become vulnerable to this attack. Additionally, we calculate that, under reasonable assumptions, an attacker who could monitor all backend control centres in a country the size of the UK for 45 days would have a 1% chance of being able to take control of a train.
URLhttp://doi.acm.org/10.1145/3052973.3053027
DOI10.1145/3052973.3053027
Citation Keychothia_attack_2017