Modern trains rely on balises (communication beacons) located on the track toprovide location information as they traverse a rail network. Balises, such asthose conforming to the Eurobalise standard, were not designed with security inmind and are thus vulnerable to cyber attacks targeting data availability,integrity, or authenticity. In this work, we discuss data integrity threats tobalise transmission modules and use high-fidelity simulation to study the risksposed by data integrity attacks. To mitigate such risk, we propose a practicaltwo-layer solution: at the device level, we design a lightweight and low-costcryptographic solution to protect the integrity of the location information; atthe system layer, we devise a secure hybrid train speed controller to mitigatethe impact under various attacks. Our simulation results demonstrate theeffectiveness of our proposed solutions.
展开▼