PTC Secure Communication System
In 2018, we were contacted by one of the largest global companies in the Rail sector, which intended to implement a PTC system as part of a rail line update project. To transfer dynamic information between distant wayside devices and moving trains, the system had to enable stable and secure wireless communication, making any data breach impossible.
Ensure the safe movement of trains without compromising security within the existing wayside infrastructure.
Provide secure communications between railroad vehicles and wayside equipment.
To manage communication between locomotives and wayside devices in a secure manner, we have solved two interdependent, but separate technical tasks: implemented a Key Management System (KMS) to generate keys for secure communications to ensure confidentiality of transferred data, and provided secure communication of the railroad assets using these keys.
Considering the Key Management System functions to generate certificates for each component of the system, create encryption keys, and keep them up-to-date, the PSA team has designed the system's architecture based on the client-server model. The team has developed an API for internal components that support communication with MCM/BRCM (locomotives and wayside), as well as with external KMS servers. The architecture is presented in the picture below:
To develop the Key Management System we defined the required database structure, implemented the required core, web, log, event, CA interaction and notification components, secure storage for message keys, configured all components as well as external and internal communication links, and prepared the deployment package. The Certification Authority (CA) interaction component was used to validate certificates.
To support implementation and testing, we developed corresponding CA scripts for certificate creation, configured test CA and OCSP servers, and established connections between the test CA and KMS.
To provide convenient interaction with the KMS system, we implemented a web user interface. At this stage, we performed the following:
worked with UI prototyping and workflows,
completed UI/UX design for the web pages,
implemented HTML/CSS templates,
Implemented necessary functional logic.
- Requirements review and analysis
- Software development and configuration
- Communication subsystem implementation
- Testing documentation development and update
- Web UI and backend implementation
- VectorCAST-based unit test implementation
- Final integration onsite
The PTC system within the existing rail line provides support for fully secure wayside-to-train communications and is protected against unauthorized access.