PTC Secure Communication System

Highlights

In 2018, we were contacted by one of the largest global companies in the Rail sector, which intended to implement a PTC system as part of a rail line update project. To transfer dynamic information between distant wayside devices and moving trains, the system had to enable stable and secure wireless communication, making any data breach impossible.

Challenge

Customer Challenge

Ensure the safe movement of trains without compromising security within the existing wayside infrastructure.

Project Objective

Provide secure communications between railroad vehicles and wayside equipment.

Solution

To manage communication between locomotives and wayside devices in a secure manner, we have solved two interdependent, but separate technical tasks: implemented a Key Management System (KMS) to generate keys for secure communications to ensure confidentiality of transferred data, and provided secure communication of the railroad assets using these keys. 

Considering the Key Management System functions to generate certificates for each component of the system, create encryption keys, and keep them up-to-date, the PSA team has designed the system's architecture based on the client-server model. The team has developed an API for internal components that support communication with MCM/BRCM (locomotives and wayside), as well as with external KMS servers. The architecture is presented in the picture below:

img

To develop the Key Management System we defined the required database structure, implemented the required core, web, log, event, CA interaction and notification components, secure storage for message keys, configured all components as well as external and internal communication links, and prepared the deployment package. The Certification Authority (CA) interaction component was used to validate certificates. 

To support  implementation and testing, we developed corresponding CA scripts for certificate creation, configured test CA and OCSP servers, and established connections between the test CA and KMS.  

To provide convenient interaction with the KMS system, we implemented a web user interface. At this stage, we performed the following:

  • defined use-cases,

  • worked with UI prototyping and workflows,

  • completed UI/UX design for the web pages,

  • implemented HTML/CSS templates,

  • Implemented necessary functional logic.

An existing radio link connection and communication protocol were utilized for the PTC Secure Communications System. Existing communication protocol was extended to support encrypted messages processing. Thus, locomotives and wayside equipment could exchange messages via existing radio links, using existing communication protocol and the keys provided by KMS.

Development Included

  • Requirements review and analysis
  • Software development and configuration
  • Communication subsystem implementation
  • Testing documentation development and update
  • Web UI and backend implementation
  • VectorCAST-based unit test implementation
  • Final integration onsite

Result

The PTC system within the existing rail line provides support for fully secure wayside-to-train communications and is protected against unauthorized access.

Technology Breakdown

Project size
  • 1 Project Manager
  • 4 Software Engineers
  • 1 QA Engineer
  • 1 Technical Writer
  • 1 Graphics Designer
Duration
  • Jan 2018 – Feb 2019

Let's Connect

Learn more about how we engage and what our specialists can do for you
This site includes photos from Pixabay licensed under CC0 Illustrations by Storyset images by Freepik.