Ruiming Lu,Huiyu Dong,Hongwei Wang,Dongliang Cui,Li Zhu,Xi Wang

DOI: https://doi.org/10.1155/2021/2175780

IF: 2.3

2021-01-01

Complexity

Abstract:With the rapid development of urban rail transit systems, large amounts of information technologies are applied to increase efficiency of train control systems, such as general computers, communication protocols, and operation systems. With the continuous exposure of information technology vulnerabilities, security risks are increasing, and information is easy to use by malicious attackers, which can bring huge property and economic losses. The communication-based train control (CBTC) system is the most important subsystem of urban rail transit. The CBTC system ensures safe and efficient operation of trains, so the quantitative assessment of cyber security is quite necessary. In this paper, a resilience-based assessment method is proposed to analyze the security level of CBTC systems based on indicators of both the cyber domain and the physical domain. The proposed method can demonstrate the robustness and recovery ability of CBTC systems under different security attacks. Based on the structural information entropy, the fusion of different indicators is achieved. Two typical attacking scenarios are analyzed, and the simulation results illustrate the effectiveness of the proposed assessment approach.

Huiyu Dong,Hongwei Wang,Tao Tang

DOI: https://doi.org/10.1109/cac.2017.8243932

2017-01-01

Abstract:With the enhancement of informatization and automation, the capacity and efficiency of CBTC systems are increasing. However, the wide application of information technologies brings serious security threats on CBTC systems. Due to inherent characteristics of railway services, obtaining the security situation of CBTC systems is necessary. The methodlogy in this paper to evaluate the vulnerability of systems adopts attack tree modelling based on the functional architecture of CBTC systems. Assessments cover the current security states, port auditing, password policies and communication protocols of systems with the advantages of simplicity and operability. Based on the attack tree, leaf vulnerability, scenario vulnerability and system vulnerability are defined. During this assessment process, a typical scan tool, Nessus, and a vulnerability scoring system, CVSS, are used to achieve the port auditing. Moreover, a method to calculate the password strength and a piecewise linear function to normalize password strength are proposed. In the end, this approach is applied to a CBTC test-bed, and the assessment results show the difference of the vulnerability between the system with or without the improved countermeasures.

Hui-Yu DONG,Tao TANG,Hong-Wei WANG

DOI: https://doi.org/10.16383/j.aas.c180374

2019-01-01

Abstract:With the wide application of computer, communication and control technologies in train operation control system, the degree of automation and informatization of urban rail transit is continuously improved. However, universal computer equipment and communication technologies adopted by the method of CBTC (communication-based train control) bring serious security risks to the CBTC system. In view of this, it is of great significance to quantify and dynamically evaluate the information security risks of CBTC system. In this paper, a topology model of CBTC networks is built according to the characteristics of equipment and communication links. Combining the capacity loss from performance changes of train control under security risks, the 2D structural information entropy is constructed, which can comprehensively characterize the cyber space and physical space features, to model and evaluate the information security risks of CBTC system. Finally, with a hardware-in-the-loop simulation platform for urban rail transit CBTC security, the effectiveness and accuracy of the proposed approach are verified.

Hongwei Wang,Minming Ni,Shigen Gao,Feng Bao,Haichuan Tang

DOI: https://doi.org/10.23919/chicc.2018.8483166

2018-01-01

Abstract:In order to prompt the level of automation and information, a great amount of common information technologies are applied to railway signalling systems, which brings the openness of signalling systems increasing, and security risks are growing. Quantifying the effects of security risks is an urgent task, which is a great challenge for railway signalling systems due to the lack of security metrics and an efficient assessment approach. In the paper, based on the service features and the cyber-physical characteristics of railway signalling systems, we propose a resilience-based security assessment approach to describe performance changes during different stages of security events, which can illustrate the robustness and recovery capability of signalling systems facing cyber attacks. Considering a typical scenario where malicious jamming attacks are implemented on train-ground wireless communications, the proposed security assessment approach demonstrates the security levels of railway signalling systems. Based on time variance of the resilience indicators, a cognitive control strategy is developed to enhance overall performance and resilience of signalling systems. Simulation results show the validation and efficiency of the proposed security assessment approach.

ZuXi Chen,HongKai Lin,Meng Mei,YongHua Zhu,XiaoYong Wang,ZhongWei Xu,XiangYu Luo

DOI: https://doi.org/10.1016/j.heliyon.2024.e31776

IF: 3.776

2024-05-24

Heliyon

Abstract:Safety-critical systems, such as the railway signal system, are subject to potentially high costs from failures, including loss of life and property damage. The use of new technology, including communication-based train control (CBTC) systems with software and computers, has changed the types of accidents that occur. Software-related issues and dysfunctional interactions between system components controlled by the software are increasingly the cause of incidents. Developing a "safe" safety-critical system requires accurate and complete safety requirements, which are the foundation of system development. Traditional hazard analysis techniques are insufficient for identifying the causes of accidents in modern railway signaling systems. Systems-Theoretic Process Analysis (STPA) is a powerful new hazard analysis method designed to address these limitations. Building upon this foundation, a hierarchical approach to safety requirement development has been further developed. This approach combines STPA analysis with a hierarchical modeling approach to establish traceability links from safety requirements to specific architectures, refine and allocate system-level safety requirements to relevant subsystems, and abstract safety requirements at higher hierarchical levels to enable easy changes to lower-level implementations. This paper employs the aforementioned methodology within the context of the CBTC system, thereby enhancing risk management and hazard analysis, enabling early insights, and facilitating the generation of safety requirements of CBTC System.

Haifeng Wang,Ning Zhao,Bin Ning,Tao Tang,Ming Chai

DOI: https://doi.org/10.1049/iet-its.2018.5231

IF: 2.7

2018-01-01

IET Intelligent Transport Systems

Abstract:Train-centric communications-based train control (TcCBTC) system is a new solution for urban transit signalling. Compared to traditional train control systems, the on-board equipment is becoming more powerful and more complex. Due to its safety-critical nature, specialised technologies must be adopted to guarantee the safety of the system. To address the safety verification difficulty of the contr...

Ru Niu,Tao Tang,Lisagor, O.,McDermid, John

DOI: https://doi.org/10.1109/soli.2011.5986609

2011-01-01

Abstract:Ensuring safety in railway signalling system is always considered as significant as a guarantee of the safe and efficient operation of the whole railway. In fact, safety analysis of the signalling system with distributed computer technique is becoming extraordinarily difficult because of the frequent and complex interaction between components and the various backup modes. The dominant approaches are subjective, difficult to be reused, not well structured, thus leaving the safety analysis process time-consuming and error-prone. This paper develops a hierarchical methodology for safety analysis based on the failure propagation model and state-transition model. Unlike traditional safety analyses, the proposed approach demonstrates more accurate representation of practical failure behaviour in computer-based signalling system. Dynamic properties, system structure and failures in component level are separately modelled in different layers, and connected with synthesis laws. The analysis can be easily refined as the system design progresses and automatically produces safety-related information to help engineer in making design decisions. The preliminary design of Communication Based Train Control (CBTC) system for Yizhuang Line in Beijing is used to demonstrate the approach.

Wang Tongdian,Wang Wei,Enrico Zio,Tang Tao,Zhou Datian

DOI: https://doi.org/10.1016/j.simpat.2019.101941

IF: 4.199

2019-01-01

Simulation Modelling Practice and Theory

Abstract:Communication-based Train Control (CBTC) systems combining intelligent instruments and wireless communications are increasingly used in modern metros and other railway systems, because they can help optimizing railway traffic management and minimizing headways between running trains. Despite the potential benefits, CBTC systems functionality and availability can be affected by their configuration data errors, induced by human errors, instruments physical degradations and cyber communication interventions. In this paper, we identify and classify configuration data errors in CBTC systems, and propose a Monte Carlo (MC) simulation-based exploration approach, with safety margins estimation, for the primary purpose of verifying and assessing the data error effects on system functionality. The approach is illustrated with reference to a CBTC model prototyped from a Beijing Mass Transit Railway (MTR) operation system. Potentially risk-significant data errors of random magnitudes and running positions are injected by a Monte Carlo-driven engine and the system functional response is assessed.

Fan Zhang,Bing Bu

DOI: https://doi.org/10.1109/ICNISC54316.2021.00011

2021-01-01

Abstract:Cyber security risk assessment is very important to quantify the security level of communication-based train control (CBTC) systems. In this paper, a methodology is proposed to assess the cyber security risk of CBTC systems that integrates complex network theory and attack graph method. On one hand, in order to determine the impact of malicious attacks on train control, we analyze the connectivity...

Yajie Song,Bing Bu,Xuetao Yang

DOI: https://doi.org/10.1007/978-981-15-2914-6_16

2020-01-01

Abstract:Communication-based train control (CBTC) is considered as the main organ of urban rail transit systems, which is facing increasingly serious security threats. Intrusion detection systems (IDS) are crucial for security protection. This paper reports the design principles and evaluation results of a novel hybrid intrusion detection system which is suitable for CBTC systems. This hybrid method combines the advantages of the high true positive rate of network-based IDS (NIDS) and the ability of host-based IDS (HIDS) to monitor system behavior, where decision tree and critical state analysis are used, respectively. The proposed method is verified on a semi-physical simulation platform of CBTC and the experiments show that the designed scheme can detect intrusions accurately with a 97.8% detection rate.

Zujun Yu,Hongwei Wang,Feng Chen

DOI: https://doi.org/10.1016/j.hspr.2022.12.001

2023-01-01

High-speed Railway

Abstract:With the rapid development of railway transportation, higher requirements for capacity are increasing and amount of communication, computer and control technologies are applied in train control systems which is the popular method for train control. The application of 3 C brings the enhancement of railway transportation performance. However, the number of internal and external cyber security threats is rising, which could lead to some railway accidents. On the other hand, safety is the core of the design process for railway but security is rarely considered due to the closure of traditional railway systems. As cyber security is threatening the normal operation of industrial control systems and the critical infrastructure, security issues of train control systems should be paid more attention as railway transportation play an important role for society and economy. However, due to the safety-critical characteristics, safety assessment and analysis works have been performed for a long time, but cyber security related works are rarely considered. In the paper, we demonstrate the security situation of train control systems based on the inherent features and the experience of other industrial control systems, where the technical defects and potential threats are summarized. According to the practical engineering experience, the current security protection strategies are illustrated, which shows the popular security protection methods are limited and cannot realize the defense-in-depth. Finally, some research challenges of security issues of train control systems are identified.

Fei Yan,Chunhai Gao,Tao Tang,Yao Zhou

DOI: https://doi.org/10.1007/s40864-017-0051-7

2017-01-01

Urban Rail Transit

Abstract:The safety and the correctness of signaling system not only relate to the safety and efficiency of the rail transit operation, but also link with the life safety of passengers. In order to guarantee the safety of a signaling system for metro, the safety certificate for the trial operation with carrying passengers must be obtained. In this paper, a suitable safety management and signaling system integration model are explored according to the CENELEC standards and applied in China. With taking account of the strict safety requirements for the Communication-Based Train Control (CBTC) system, a safety assurance and assessment method based on safety verification and validation process was put forward. This method was applied in every phase of the CBTC system development life cycle to monitor and control each activity in the life cycle and to review each document in system development process. At the same time, this method is also used to ensure the traceability of relevant documents and to test all the functions of the whole system sufficiently and completely. So that the safety operation of train control system can be ensured. Up to now, the independently developed CBTC system with the safety management had been applied in many urban rail transit lines of Beijing, such as Yizhuang Line, Changping Line, Line No. 14, and Line No. 7. The CBTC signaling systems of these projects have been authorized by the safety certification from a third party, e.g., Lloyd Register which is a British company and famous for the safety verification and validation process.

Yu Zhou,Runtong Zhang,Huzhi Xue

DOI: https://doi.org/10.1117/12.2685086

2023-01-01

Abstract:The CBTC system, composed of multiple subsystems, is a crucial system that ensures safe and stable train operations. In the event of malfunctions during train operation, pinpointing the source of the problem can prove to be challenging, requiring the collaboration of personnel from various subsystems. The process of troubleshooting is tedious and time-consuming, making it difficult to quickly identify the root cause of the issue. This article proposes a solution through the development of an expert knowledge conversion module based on process diagrams, coupled with fault tree analysis and the design of an intelligent fault diagnosis and tracking system. This system enables the rapid tracing of the source of the malfunction, allowing for the swift localization of the root cause and visualization of the issue. This approach will revolutionize the current process and status quo of multi-subsystem personnel collaborating in step-by-step analysis for train fault analysis, significantly reducing the advanced human and time costs required for fault analysis and tracing, and improving the utilization of maintenance resources.

R. Niu,T. Tang

DOI: https://doi.org/10.2495/cr100751

2010-01-01

Abstract:Ensuring safety in railway signalling systems is always considered as significant as a guarantee of the safe and efficient operation of the whole railway. In fact, safety analysis of the signalling system with distributed computer technique is becoming extraordinarily difficult, because of the frequent and complex interaction between components and the various backup modes. The dominant approaches are subjective, difficult to reuse and not well structured, thus leaving the safety analysis process time-consuming and error-prone. This paper develops a hierarchical methodology for safety analysis based on the failure propagation model and state-transition model. Unlike traditional safety analyses, the proposed approach demonstrates more accurate representation of practical failure behaviour in a computer-based signalling system. Dynamic properties, system structure and failures at the component level are separately modelled in different layers, and connected with synthesis laws. The analysis can be easily refined as the system design progresses and automatically produces safety-related information to help the engineer in making design decisions. The preliminary design of the Communication Based Train Control (CBTC) system for the Yizhuang Line in Beijing is used to demonstrate this approach.

Wenhao. Wu,Bing. Bu,Wei. Zhang

DOI: https://doi.org/10.1109/itsc.2019.8917082

2019-01-01

Abstract:Communication-based train control (CBTC) are automated train control systems using information communication technologies to ensure the safe operation of rail vehicles. With the development of information technology, massive commercial software, hardware products and standard communication equipment are applied to urban rail transit systems, which introduces a crowd of security threats to CBTC systems. This paper proposes a generalized stochastic Petri net model to simulate dynamic interaction between the attacker and defender to evaluate the security of CBTC systems. According to the characteristics of the system and attack-defense methods, we divide our model to the penetration phase and the disruption phase. In each phase, we provide effective means of attack and corresponding defensive measures, and the system state is determined correspondingly. The model parameters are obtained by conducting attack and defense exercises on the semi-physical simulation platform. The system transition probability is derived with the model parameter and the Nash equilibrium of the game between the attacker and defender. The system availability is obtained by calculating the steady probability of each state which can be derived from the GSPN model solution. Our analytic results reveal the seriousness of the system security situation and the significance of defensive measures for system security.

Lu Lu,Xu Zhengguo,Wang Wenhai,Sun Youxian

DOI: https://doi.org/10.13879/j.issn1000-7458.2010.05.022

2010-01-01

Abstract:The safety is one of the most important and fundamental requirements for train operation.As the key technical equipment for train monitoring,control,and scheduling,the reliability of train control systems (TCSs) is directly related to the safety of train operation.Fault diagnosis for TCSs is an important way to guarantee the reliability of TCSs.This paper made a review over TCSs fault diagnosis techniques.First,fault diagnosis methods for TCSs are classified and summarized.Then,some research achievements of TCSs fault prediction were summarized.Finally,some potential directions for future TCSs fault diagnosis research are pointed out.

Bing Gao,Bing Bu,Xiaoxuan Wang

DOI: https://doi.org/10.1109/tits.2022.3192510

IF: 8.5

2022-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:In recent years, intelligent transportation systems and automatic train control technologies have been developed rapidly. The communication-based train control (CBTC) system through train-to-train communications is very important in the intelligent transportation system and it uses wireless communication links to transmit the train control commands. However, the CBTC system is sensitive to information security attacks. Therefore, a comprehensive resilient control strategy is proposed for the CBTC system under Denial of Service (DoS) attacks. As a cyber physical system, the CBTC system includes two layers. In the communication layer, a strongly robust train-to-train communication topology is proposed which adopts a bidirectional communication strategy and a three times communication protocol to achieve the goal of resisting multi-channel DoS attacks. In the physical layer, an observer-based distributed intrusion detection method is firstly proposed to detect the attack. Further, a resilient control method based on a distributed state observer of the leader train is proposed to avoid triggering the train safety protection mechanism frequently. Finally, simulation results prove that the proposed comprehensive resilient control algorithm is effective in the CBTC system.

Wenhao Wu,Bing Bu

DOI: https://doi.org/10.3390/electronics8090991

IF: 2.9

2019-01-01

Electronics

Abstract:Communication-based train controls (CBTC) systems play a major role in urban rail transportation. As CBTC systems are no longer isolated from the outside world but use other networks to increase efficiency and improve productivity, they are exposed to huge cyber threats. This paper proposes a generalized stochastic Petri net (GSPN) model to capture dynamic interaction between the attacker and the defender to evaluate the security of CBTC systems. Depending on the characteristics of the system and attack–defense methods, we divided our model into two phases: penetration and disruption. In each phase, we provided effective means of attack and corresponding defensive measures, and the system state was determined correspondingly. Additionally, a semiphysical simulation platform and game model were proposed to assist the GSPN model parameterization. With the steady-state probability of the system output from the model, we propose several indicators for assessing system security. Finally, we compared the security of the system with single defensive measures and multiple defensive measures. Our evaluations indicated the significance of the defensive measures and the seriousness of the system security situation.

Xianqiong Zhao,Tao Tang,Fei Yan

DOI: https://doi.org/10.1109/icmtma.2009.330

2009-01-01

Abstract:With the fast development of the communication technology, the reliability and the availability of the wireless-communication have been greatly improved, and the Communication Based Train Control System (CBTC) has been formed. The Zone Controller is a subsystem of the CBTC system, which plays the role of computing and presenting Movement Authority (MA) to the train and managing the train. So the safety of the ZC subsystem will directly influence the safety of the train. This paper has taken the ZC subsystem as an example, particularly the functions of MA computation, to describe a Functional Safety Analysis Approach and its concrete implementation in the CBTC system.

Chao Liu,Tao Tang,Oleg Lisagor

DOI: https://doi.org/10.1109/SOLI.2011.5986612

2011-01-01

Abstract:Along with technology progress and fast paced development in China railway, the issue of safety is increasingly significant for all the involved technical equipments, especially for train control system. However, in view of the typical features of software-intensive, hardware-distributed, and communication-dependent derived from Communication based Train Control System (CBTC)1, traditional safety analysis approaches gradually betray the deficiencies of loose consistency of safety and design processes and duplicate work on safety assessment. In this paper, two of prominent proposed model based safety analysis (MBSA) approaches: failure logic modeling and failure effect modeling are introduced to deal with these two industrially encountered challenges, and also a further feasibility study on system-component extraction and model boundary restriction is investigated via a lightweight CBTC case, to show key technical issues on deploying MBSA methodology into railway-specific safety critical system.