[SystemSafety] ERTMS Balise security vulnerabilities

Peter Bishop pgb at adelard.com
Wed Jul 1 17:48:16 CEST 2015 

I don't know of any quantitative analyses.
The problem is that threats are so variable.
It is easier to postulate specific attacks and the capability level needed
to implement them (e.g. from nation state downwards).
On 1 Jul 2015 09:48, "paul cleary" <clearmeist at hotmail.com> wrote:

> Thanks a lot Peter,
>
> I've come across this report in the past. It's high level and draws
> attention to the risk of balise security, but doesn't consider actual
> threat scenarios or consider probabilities of risk that's given threats
> could occur.
>
> With that in mind I was keen to find reports detailing qualitative and
> quantitative analysis of threats to the balise, balise tool and
> communication across the air gap.
>
> For eg assessing the likely threats and probabilities of Hacking into the
> Balise Programing Tool or which communicates with the balise across the air
> gap or by intercepting/inserting packets passing across the air gap
> remotely
>
> *Paul Cleary * BSc MSc CEng MIRSE
>
>
>
> E: pclearyrail at gmail.com
>
> M: + <+44%20(0)7860%20861979>66(0)406158643
>
>
>
> On Jul 1, 2015, at 7:43 AM, Peter Bishop <pgb at adelard.com> wrote:
>
> You could take a look at this.
>
> http://openaccess.city.ac.uk/1522/1/How%20secure%20is%20ERTMS.pdf
>
>
> Peter Bishop
>
>
> On 27 June 2015 at 11:12, Paul Work <pclearyrail at gmail.com> wrote:
>
>> Hi,
>>
>> Does anybody know of research into security vulnerabilities for ERTMS
>> Balise, including any quantitative assessment of risks, such as acquisition
>> of proprietary tools used to interface with Balise
>>
>> *Paul Cleary * BSc MSc CEng MIRSE
>>
>>
>>
>> E: pclearyrail at gmail.com
>>
>> M: + <+44%20(0)7860%20861979>66(0)406158643
>>
>>
>>
>> _______________________________________________
>> The System Safety Mailing List
>> systemsafety at TechFak.Uni-Bielefeld.DE
>>
>>
>
>
> --
>
> Peter Bishop
> Chief Scientist
> Adelard LLP
> Exmouth House, 3-11 Pine Street, London,EC1R 0JH
> http://www.adelard.com
> Recep:  +44-(0)20-7832 5850
> Direct: +44-(0)20-7832 5855
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20150701/2e6af542/attachment.html>

More information about the systemsafety mailing list