Ansaldo STS (Francesco Flammini) contribution to the industry session of the European conference on Wireless Sensor Networks (EWSN 2015, Porto, Portugal)

1. EWSN 2015 - 12th European Conference on Wireless Sensor Networks
INDUSTRY SESSION, February 9th 2015, Porto, Portugal
Experimenting Secure WSN for
Railway Surveillance
Francesco Flammini

2. The company
ASTS is a leading international technology
company which specializes in railway
signaling and integrated transport systems
for mass-transit, passenger and freight rail
operations.
www.ansaldo-sts.com
2

3. The rail and mass-transit security business
• Prevention, detection and counteraction of
vandalisms, thefts, sabotage, terrorism, etc.
• Use of smart-technologies for intrusion detection
and surveillance, including audio-video content
analytics
• Relatively new business for companies
developing railway and mass-transit systems
• Several succesful installations worldwide
(Metrocampania, Copenhagen Cityringen, Abu
Dhabi, etc.)
3
Flammini, F., Gaglione, A., Mazzocca, N., Pragliola, C., “Quantitative Security Risk Assessment and Management for Railway Transportation Infrastructures”,
In: Proc. 3rd International Workshop on Critical Information Infrastructures Security (CRITIS’08), Frascati (Rome), Italy, October 13-15, 2008, pp. 213-223.

4. Physical Security Information Management (PSIM)
4Bocchetti, G., Flammini, F., Pappalardo, A., Pragliola, C.: Dependable integrated surveillance systems for the physical security of metro railways. In: Proc. 3rd
ACM/IEEE International Conference on Distributed Smart Cameras (ICDSC 2009), 30 August - 2 September, 2009, Como (Italy): pp. 1-7

5. Towards WSN for rail surveillance: opportunities & issues
PROS:
• Low-cost devices (also low or no cabling costs) measuring several environmental parameters that can be indicative of
physical threats
• Resilience to physical attacks due to easy to implement mesh topology and absence of both power and data cables
• Possibly “Plug’n’play”, easily maintainable and scalable
CONS:
• Radio connection (“open” network) vulnerable to interferences and attacks (jamming, hacking, etc.)
• No “ruggedized” hardware
• Limitation in power, memory and other resources -> power/resource-aware security
5Flammini, F., Gaglione, A., Ottello, F., Pappalardo, A., Pragliola, C., Tedesco, A.: Towards Wireless Sensor Networks for Railway Infrastructure Monitoring. In: Proc.
ESARS 2010, pp. 1--6, Bologna, Italy (2010)

6. Integrating and fusing heterogeneous sensors
6
Flammini, F., Gaglione, A., Mazzocca, N., Moscato, V., Pragliola, C., “Wireless Sensor Data Fusion for Critical Infrastructure Security”, In: Advances in Soft Computing
Vol. 53: Proc. International Workshop on Computational Intelligence in Security for Information Systems (CISIS’08), Genoa, Italy, October 23-24, 2008, pp. 92-99.
DETECT Engine
Alarm level
(1, 2, 3, ...)
Detected
attack
scenario
Event
History
Scenario
Repository

7. The SHIELD framework
• nSHIELD (New SHIELD) is a EU project co-
funded by the ARTEMIS JOINT UNDERTAKING
(Sub-programme SP6) focused on the research
of SPD (Security, Privacy, Dependability) in the
context of Embedded Systems.
• The nSHIELD consortium comprises 5
manufacturers and system integrators (ASTS,
ETH, HAI, ISL, SES), 7 universities (MGEP,
UNIGE, UNIROMA1, UNIUD, TUC, SICS, S-
LAB,), 10 SMEs (AT, TECNALIA, ALFA, ISD,
MAS, NOOM, T2D, TELC, THYIA, SknFnd) and 2
Industrial R&D organizations (SESM, ATHENA).
pSHIELD
Start/end: 01.06.2010 – 31.12.2011
Costs: whole project 5,4 M€
nSHIELD
Start/end: 01.11.2011 – 31.10.2014
Costs: whole project 13 M€
7Fiaschetti, A., Lavorato, F., Suraci, V., Palo, A., Taglialatela, A., Morgagni, A., Baldelli, R., Flammini, F.: On the Use of Semantic Technologies to Model and Control
Security, Privacy and Dependability in Complex Systems. In: Proc. SAFECOMP 2011, pp: 467-479

8. The pSHIELD rail experimentation: architecture
8Casola, V.; Esposito, M.; Mazzocca, N.; Flammini, F., "Freight Train monitoring: A Case-Study for the pSHIELD Project," Innovative Mobile and Internet Services in
Ubiquitous Computing (IMIS), 2012 Sixth International Conference on , vol., no., pp.597,602, 4-6 July 2012

9. The pSHIELD experimentation: functionalities
9

10. The pSHIELD experimentation: security
10
A security attack has been simulated in which an intruder node tries to intercept the
ECDH protocol in order to pick up private information. Since the master node knows the
nodes participating in the protocol and by their ID Number (established at system
deployment), it becomes aware of an intrusion, then it immediately toggles a red led and
stops the communication.
 It allows to establish a shared secret key for channel encryption and a mechanism to achieve broadcast authentication
of query messages sent by the master to the motes through the ECDSA protocol.
 The cryptosystem is based on the WM-ECC library, a publicly available open source implementation of a 160-bit ECC
(Elliptic curve cryptography) cryptosystem.
A mechanism for key exchanging
(between the master and the
motes) based on the ECDH
protocol has been implemented.

11. The nSHIELD experimentation: architecture
11

12. The nSHIELD experimentation: methodology
12
“Safety-world heritage” approach:
- reference railway norms and international standards (CENELEC EN501XX)
- semi(formal) methods like state-based testing already used for ERTMS/ETCS functional verification
- “hardware-in-the-loop” simulation environment with threat-injection capabilities
CENELEC EN 50159 Keywords
Keyword Meaning
Repetition A message is received more than once
Deletion A message is removed from a message stream
Insertion A new message is implanted in the message
stream
Resequencing Messages are received in an unexpected
sequence
Corruption The information contained in a message is
changed, casually or not
Delay Messages are received at a time later than
intended
Masquerade A non-authentic message is designed thus to
appear to be authentic (an authentic message
means a valid message in which the
information is certificated as originated from
an authenticated data source)

13. The nSHIELD experimentation: SPD prototypes
13
Protot.
number
Prototype name
16 Reputation-Based Secure Routing
19 Policy Based Management Framework
20 Control Algorithms
22 Middleware Intrusion Detection System
24 Network Layer Security
25 OSGI Middleware
26 Semantic Model
32 Secure Discovery
33 Security Agent
Security System
-Node_Number
WSN_2
-Node_Number
WSN_1
Middleware
Smart Camera
1 -is part of*
1
-is part of*
-includes1
-is part of*
1 -is part of*
Threat
Bad mounthing
Node Failure
Unauthorized Data Access
Middleware Intrusion
Black Hole
Node Intrusion
Countermeasure
-State
-SPD_value
Prototype 19
-State
-SPD_value
Prototype 24
-State
-SPD_Value
Prototype 16
-State
-SPD_Value
Prototype 22
is installed on
is installed on
is installed on
is installed on
is conteracted by
is effective againist
is conteracted by
is effective against
is counteracted by
is effective against
is conteracted by is effective against
is conteracted byis effective against
is counteracted by is effective against

14. The nSHIELD experimentation: demonstration scenario
14
STEP Description
System
Status
SPD norm Level
2
In WSN_1 a bad mouthing attack has occurred. The middleware is informed that an attack is
occurring and it sends a command to the smart camera to activate its security mechanisms. The
SPD level decreases.
WSN_1: Bad mouthing attack
WSN_2: Encryption 64 bits
Smart Camera: Messaging - no protection
MDW_IDS: Normal
State_03 0
VERY LOW
3
The smart camera improves its SPD functionality and SPD level increases.
WSN_1: Bad mouthing attack
WSN_2: Encryption 64 bits
Smart Camera: Messaging - Authentication & Integrity
MDW_IDS: Normal
State_19 0,3
LOW

15. Lessons learnt, conclusions & future developments
• The usage of WSN in railways is very promising and enables novel real-time monitoring scenarios for
many surveillance and diagnostic applications
• Data security issues can be effectively addressed by the recent research and technological developments
• Several other issues need to be addressed in real-world scenarios to ensure feasibility, like:
• Appropriate enclosures and certification for use on-board
• Installation & maintenance procedures, compliant with railway norms and best-practices
• Energy harvesting options (solar, wind, vibrations, thermal, etc.)
• In fact, railway operators are interested in low-cost, plug’n’play, easy to maintain, reliable, safe and secure
systems… something that is not so easy to achieve at the current state of research and technology!
• While several issues have been already solved regarding data integration and security, still further efforts
are needed for the final industralisation of general-purpose WSN-based solutions for railway applications
15
Hodge, V.J.; O'Keefe, S.; Weeks, M.; Moulds, A., "Wireless Sensor Networks for Condition Monitoring in the Railway Industry: A Survey,
"Intelligent Transportation Systems, IEEE Transactions on , vol.PP, no.99, pp.1,19

16. THANK YOU FOR YOUR ATTENTION