Positive traincontrol(PTC)systemsare distributed interoperablesystems that control the movement of passenger and freight trains, providing significant safety enhancements over traditional methods of operating railroads. Due to their reliance onwirelesscommunications, PTCsystems are vulnerable to attacks that can compromise safety and potentially cause serious accidents. Designing PTC systems that can mitigate the negative effects of wireless-based exploits are mandatory to ensuring railroad safety. This paper employs use cases and misuse cases to analyze the effects of exploiting vulnerabilities in PTC systems. Use cases specify operational interactions and requirements, while misuse cases specify potential misuse or abuse scenarios. A distributed trust management system is proposed to enable PTC use cases and eliminate identified misuse cases.
Keywords: Railroad security, positive train control, use cases, misuse cases
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
American Association of State Highway and Transportation Officials, Transportation: Invest in America - Freight-Rail Bottom Line Report, Washington, DC (freight. transportation. org/doc/FreightRailReport. pdf ), 2002.
Association of American Railroads, U. S. Freight Railroad Statistics, Wash- ington, DC, 2004.
Bureau of Transportation Statistics, Federal Railroad Administration Na- tional Rail Network 1:100, 000 (Line), National Transportation Atlas Data- base 2003, Department of Transportation, Washington, DC, 2003.
A. Carlson, D. Frincke and M. Laude, Railway security issues: A survey of developing railway technology, Proceedings of the International Conference on Computer, Communications and Control Technologies, vol. 1, pp. 1-6, 2003.
P. Checkland and J. Scholes, Soft Systems Methodology in Action, John Wiley, Chichester, United Kingdom, 1999.
C. Chittester and Y. Haimes, Risks of terrorism to information technol- ogy and to critical interdependent infrastructures, Journal of Homeland Security and Emergency Management, vol. 1(4), 2004.
P. Craven, A brief look at railroad communication vulnerabilities, Proceed- ings of the Seventh IEEE International Conference on Intelligent Trans- portation Systems, pp. 345-349, 2004.
P. Craven and A. Craven, Security of ATCS wireless railway communica- tions, Proceedings of the IEEE/ASME Joint Rail Conference, pp. 227-238, 2005.
Department of Homeland Security, FY 2006 Infrastructure Protection Pro- gram: Intercity Passenger Rail Security Program Guidelines and Applica- tion Kit, Washington, DC, 2006.
Federal Railroad Administration, Railroad Communications and Train Control, Technical Report, Department of Transportation, Washington, DC, 1994.
Federal Railroad Administration, Implementation of Positive Train Control Systems, Technical Report, Department of Transportation, Washington, DC, 1999.
Federal Railroad Administration, Benefits and Costs of Positive Train Control, Report in Response to the Request of the Appropriations Committees, Department of Transportation, Washington, DC, 2004.
General Accounting Office, Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems, Report to Congressional Requesters, GAO-04-354, Washington, DC, 2004.
M. Hartong, R. Goel and D. Wijesekera, Communications-based positive train control systems architecture in the USA, Proceedings of the Sixty-Third IEEE Vehicular Technology Conference, vol. 6, pp. 2987-2991, 2006.
M. Hartong, R. Goel and D. Wijesekera, Communications security concerns in communications-based train control, Proceedings of the Tenth International Conference on Computer System Design and Operation in the Railway and Other Transit Systems, 2006.
M. Hartong, R. Goel and D. Wijesekera, Key management requirements for positive train control communications security, Proceedings of the IEEE/ASME Joint Rail Conference, pp. 253-262, 2006.
M. Hartong, R. Goel and D. Wijesekera, Mapping misuse cases to functional fault trees in order to secure positive train control systems, Proceedings of the Ninth International Conference on Applications of Advanced Technology in Transportation Engineering, pp. 394-399, 2006.
R. Hubbard, N. Mead and C. Schroeder, An assessment of the relative efficiency of a facilitator-driven requirements collection process with respect to the conventional interview method, Proceedings of the Fourth Interna-tional Conference on Requirements Engineering, pp. 178-186, 2000.
I. Jacobson, Object-Oriented Software Engineering: A Use Case Driven Approach, Addison-Wesley, Boston, Massachusetts, 1992.
K. Kang, S. Cohen, J. Hess, W. Novack and A. Peterson, Feature-Oriented Domain Analysis Feasibility Study, Technical Report CMU/SEI-90-TR-021, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, 1990.
W. Kunz and H. Rittel, Issues as elements of information systems, Working Paper WP-131, Berkeley Institute of Urban and Regional Development, University of California, Berkeley, California, 1970.
C. Lerman, Applying UML and Patterns: An Introduction to Object Oriented Analysis and Design and the Unified Process, Prentice Hall, Upper Saddle River, New Jersey, 1998.
G. Mullery, CORE: A method for controlled requirements specification, Proceedings of the Fourth International Conference on Software Engineering, pp. 126-135, 1979.
National Research Council, Cybersecurity of Freight Information Systems: A Scoping Study, Transportation Research Board, National Academy of Sciences, Washington, DC, 2003.
S. Overmyer, L. Benoit and R. Owen, Conceptual modeling through linguistic analysis using LIDA, Proceedings of the Twenty-Third International Conference on Software Engineering, pp. 401-410, 2001.
President’s National Security Telecommunications Advisory Committee (NSTAC), Wireless Security Report, Wireless Task Force Report, Na-tional Communications System, Arlington, Virginia (www.ncs. gov/nstac/ reports/2003/WTF%20Wireless%20Security%20Report. pdf), 2003.
QFD Institute, Frequently asked questions about QFD (www.qfdi. org/what is qfd/faqs about qfd. htm).
W. Rash, Engaging in worm warfare, InfoWorld, January 9, 2004.
J. Rollins and C. Wilson, Terrorist Capabilities for Cyberattack: Overview and Policy Issues, Report RL33123, Congressional Research Service, Library of Congress, Washington, DC, 2007.
J. Rumbaugh, Getting started: Using use cases to capture requirements, Journal of Object-Oriented Programming, vol. 7(5), pp. 8-12, 1994.
G. Sindre and A. Opdahl, Eliciting security requirements by misuse cases, Proceedings of the Thirty-Seventh International Conference on Technology of Object-Oriented Languages and Systems, pp. 120-131, 2000.
G. Sindre and A. Opdahl, Capturing security requirements through misuse cases, Proceedings of the Fourteenth Norwegian Informatics Conference, 2001.
G. Sindre and A. Opdahl, Templates for misuse case description, Proceedings of the Seventh International Workshop on Requirements Engineering, 2001.
Surface Transportation Board, 2003 Statistics of Class I Freight Railroads in the United States, Department of Transportation, Washington, DC, 2003.
Systems Designers Scientific, CORE - The Method: User Manual, SD Scicon, London, United Kingdom, 1986.
U. S. Government, Standards for the development and use of processor based signal and train control systems, Federal Register, vol. 70(232), pp. 72382-72385, 2005.
B. Weinstein and T. Clower, The Impacts of the Union Pacific Service Disruptions on the Texas and National Economies: An Unfinished Story, Center for Economic Development and Research, University of North Texas, Denton, Texas, 1998.
J. Wood and D. Silver, Joint Application Development, John Wiley, New York, 1995.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hartong, M., Goel, R., Wijesekera, D. (2008). Securing Positive Train Control Systems. In: Goetz, E., Shenoi, S. (eds) Critical Infrastructure Protection. ICCIP 2007. IFIP International Federation for Information Processing, vol 253. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-75462-8_5
Download citation
DOI: https://doi.org/10.1007/978-0-387-75462-8_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-75461-1
Online ISBN: 978-0-387-75462-8
eBook Packages: Computer ScienceComputer Science (R0)