Security in Rail IoT Systems: An IoT Solution for New Rail Services

Francisco Parrilla Ayuso, David Batista, Daniel Maldonado, Jon Colado, Sergio Jiménez Gómez, Jorge Portilla, Gabriel Mujica, Jaime Señor
DOI: 10.4018/978-1-7998-5068-7.ch013

Indra Sistemas S.A. has designed and developed a safe and secure system for the rail transportation environment based on a distributed architecture within the domain of the Industrial IoT that enables V2V, V2I and I2I communications, allowing peer-to-peer data sharing. UPM has designed and implemented a HW-based security infrastructure for extreme-edge devices in IoT. The implementation takes advantage of a HW accelerator to enhance security in low-resource devices with very low overhead in cost and memory footprint. Current security solutions are problematic because they depend on a centralized control entity. The complexity of this kind of system lies in managing, in a decentralized way, the security at each point of the distributed architecture. This chapter describes how the system secures the whole infrastructure based on a distributed architecture without affecting the throughput or the high availability of the data, in order to achieve top performance in compliance with the stringent safety and security constraints of the rail environment's regulations.
Chapter Preview


The Internet of Things (IoT) has entered the market strongly over the last decade, spreading across different environments and aiming to make the life of EU citizens easier. The rail environment is undergoing a process of adaptation to the new technologies that cannot ignore the power of IoT networks to build innovative solutions in that field.

The railway market is a regulated environment in which the safety and security of the deployed rail systems must be guaranteed by applying a set of rules clearly defined by the railway regulation organizations (e.g. CENELEC (European Committee for Electrotechnical Standardization, 2010)). In this context, the rail domain is an attractive market for developing wireless technologies that may replace classic wired systems with innovative solutions.

The Internet of Things (IoT), as one of the major enablers of Europe's digital transformation trend, will enable both obtaining information from IoT systems and providing data to them. These concepts are made possible by using wireless sensors and actuators in a robust manner. Moreover, these systems bring major benefits in use, such as increased flexibility, mobile applications, weight reduction, adaptability to change and, most recently, trustworthiness, as a result of the projects described next.

The DEWI (Dependable Embedded Wireless Infrastructure) project was the starting point for demonstrating the feasibility of deploying wireless solutions in the rail domain for safety applications.

The SCOTT (Secure Connected Trustable Things) project continues the DEWI work by implementing security and trustability in communications across several domains, including the rail sector. This project adds new end-to-end secured, trustworthy and interoperable wireless capabilities between trains (V2V communications) and between train and infrastructure (V2I/I2V communications) (X2Rail-1, 2018) to address the safety-related hazardous situations that can occur on typical rail lines. Moreover, the introduction of cloud-based platforms in the context of the SCOTT project improves the efficiency and reduces the cost of rail services.

The systems need to be continuously evolved and adapted to their new environment, ensuring and increasing their trustworthiness, quality and user experience. The DevOps movement advocates a set of software engineering best practices and tools to ensure quality of service while continuously evolving complex systems, and fosters agility, rapid innovation cycles and ease of use. Current DevOps solutions, however, lack mechanisms to ensure end-to-end security and privacy, mechanisms able to take open contexts and actuation conflicts into consideration, and the ability to perform continuous deployment and evolution of IoT systems across IoT, edge and cloud spaces.

To solve this, the ENACT (Development, Operation, and Quality Assurance of Trustworthy Smart IoT Systems) project intends to bring the DevOps movement to smart IoT systems by producing enablers for monitoring their operation, solving the issues mentioned above. Moreover, ENACT assesses the feasibility of IoT services in the domain of train control for rolling stock and for the logistics and maintenance of on-track equipment, combining IoT architectures and platforms with cloud resources.

The Shift2Rail European initiative has launched several innovation programmes to accelerate the integration of new and advanced technologies into innovative rail product systems. In this context, one of the projects that makes use of wireless technologies is X2Rail-1 (Start-up activities for Advanced Signalling and Automation Systems). This project proposes, among other innovative solutions, the use of wireless communications in signalling systems, especially for the smart control of wayside objects (X2Rail-1, 2016).

Joining the efforts of the X2Rail-1, DEWI, SCOTT and ENACT projects, a secure platform for the integration of new rail services making use of IoT technologies has been designed and implemented by Indra. This platform covers edge data collection, wireless communication systems and cloud services. The present chapter intends to explain the features of this platform and how it meets the security requirements of safety-related systems.

The chapter is organized in sections to provide a complete view of the security aspects that a Rail IoT system requires:

Key Terms in this Chapter

MQTT (Message Queuing Telemetry Transport): Open client/server protocol based on the publish-subscribe messaging pattern, in which a broker relays messages between smart sensors and devices.

Fog Computing: Network architecture that uses edge devices to extend different services from the outer edges, where data is created, to the cloud, where the data is stored and accessible to different users.

IoT (Internet of Things): A system of interconnected devices capable of communicating over a network without human interaction.

Communication Middleware: Part of the system in charge of processing the services, which works as the core for the integration of all the different systems.

Edge Device: Intelligent object in an IoT system that controls the data flow between two networks.

AI (Artificial Intelligence): A branch of computer science focused on the design and implementation of smart machines intended to solve problems that typically require human intelligence.

Cloud Computing: On-demand availability of computing services, especially data storage, without direct management by the user.

AMQP (Advanced Message Queuing Protocol): Open standard application-layer protocol with message orientation, queuing, routing and security as its main features.
