A Security Architecture for Protecting Safety-Critical Railway Infrastructure


Digitization, connectivity, and use of commercial off-the-shelf technologies has reached safety-critical areas such as the railway sector. This creates new opportunities for attacks and makes it necessary to integrate IT security measures into railway command and control systems (CCS). However, the integration of security mechanisms into a system certified according to the railway safety standard EN 50128 is a big challenge. This article gives an overview of an IT security architecture, which allows to operate security measures on safety systems such as object controllers. It consists of a hardware platform with a Trusted Platform Module (TPM) 2.0, a MILS (Multiple Independent Levels of Safety and Security) Separation Kernel (SK), and various security applications. The TPM serves as security anchor and enables, e.g., secure storage, measured boot, and remote attestation to detect tampering with the system software. The MILS OS ensures freedom of interference when running safety and security applications.

embedded world Conference 2021