Abstract
Communication-based train control (CBTC) systems utilize continuous, high-capacity, and bidirectional train-to-wayside wireless communications to ensure the safe and efficient operation, where wireless local area networks (WLANs) based on 802.11 protocols are adopted as the main method. WLANs are working at the public frequency, and malicious interference and attacks are inevitable, which can badly affect the performance of CBTC systems. Due to the fail-safe mechanisms of CBTC systems, malicious attacks can cause the emergency braking of trains, and the operation efficiency can be reduced. Based on the vulnerabilities of WLANs, a multi-channel man-in-the-middle (MitM) attack on WLAN-based train-to-wayside communications is considered. The proposed attack method can manipulate the 802.11 frames, and bring delays, packet losing, and even modification of messages transmitted between trains and wayside equipment. Based on the operation principles of CBTC systems, the impacts of MitM attack are quantified according to the comparison between the train trajectories under attacks and the preset optimal running profiles of trains. Simulation results demonstrate principles and consequences of MitM attack.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Schifers C, Hans G (2000) IEEE standard for communications-based train control (CBTC) performance and functional requirements. In: Vehicular technology conference proceedings, VTC, pp 1581–1585
Aguado M, Jacob E, Saiz P, Unzilla JJ, Higuero MV, MatÃas J (2005). Railway signaling systems and new trends in wireless data communication. In VTC-2005-Fall. 2005 IEEE 62nd vehicular technology conference, vol 2. IEEE, pp 1333–1336
Weng J, Wu Y, Wei Z et al (2018) Position manipulation attacks to balise-based train automatic stop control. IEEE Trans Veh Technol 67:5287–5301
Lakshminarayana S, Karachiwala JS, Chang SY, Revadigar G, Kumar SLS, Yau DK, Hu YC (2018) Signal jamming attacks against communication-based train control: attack impact and countermeasure. In: Proceedings of the 11th ACM conference on security & privacy in wireless and mobile networks. ACM, pp 160–171
Vanhoef M, Piessens F (2014) Advanced Wi-Fi attacks using commodity hardware. In: Proceedings of the 30th annual computer security applications conference. ACM, pp 256–265
Vanhoef M, Piessens F (2017) Key reinstallation attacks: forcing nonce reuse in WPA2. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. ACM, pp 1313–1328
Vanhoef M, Piessens F (2016) Predicting, decrypting, and abusing WPA2/802.11 group keys. In: 25th USENIX security symposium (USENIX security 16), pp 673–688
Zhu L, Ning B (2010) The design of the CBTC train-ground communication system based on IEEE 802.11g standard. China Railway Sci 31(5):119–124 (in Chinese)
Vanhoef M, Bhandaru N, Derham T, Ouzieli I, Piessens F (2018) Operating channel validation: preventing Multi-Channel Man-in-the-Middle attacks against protected Wi-Fi networks. In: Proceedings of the 11th ACM conference on security & privacy in wireless and mobile networks. ACM, pp 34–39
IEEE Std 802.11 (2012) Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications
pyDot11. https://github.com/ICSec/pyDot11/. Accessed 1 May 2019
Acknowledgements
This paper was supported by grants from the National Natural Science Foundation of China (No. 61790575, 61603031), Beijing Natural Science Foundation (No. L181004) projects (No. RCS2018K008), and Beijing Laboratory for Urban Mass Transit.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Chi, M. et al. (2020). Multi-channel Man-in-the-Middle Attack Against Communication-Based Train Control Systems: Attack Implementation and Impact. In: Liu, B., Jia, L., Qin, Y., Liu, Z., Diao, L., An, M. (eds) Proceedings of the 4th International Conference on Electrical and Information Technologies for Rail Transportation (EITRT) 2019. EITRT 2019. Lecture Notes in Electrical Engineering, vol 640. Springer, Singapore. https://doi.org/10.1007/978-981-15-2914-6_14
Download citation
DOI: https://doi.org/10.1007/978-981-15-2914-6_14
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-2913-9
Online ISBN: 978-981-15-2914-6
eBook Packages: EngineeringEngineering (R0)