Indra Sistemas S.A. has designed and developed a safe and secure system for the rail transportation environment, based on a distributed architecture in the Industrial IoT domain, that enables V2V, V2I, and I2I communications and allows peer-to-peer data sharing. UPM has designed and implemented a HW-based security infrastructure for extreme edge devices in IoT. The implementation takes advantage of a HW accelerator to enhance security in low-resource devices with very low overhead in cost and memory footprint. Current security solutions are problematic because they depend on a centralized control entity. The complexity of this kind of system lies in managing security, in a decentralized way, at each point of the distributed architecture. This chapter describes how the system secures the whole infrastructure on top of a distributed architecture without affecting throughput or the high availability of the data, in order to achieve top performance in compliance with the strict safety and security constraints of the rail environment's regulations.
Introduction
The Internet of Things (IoT) has established a strong presence in the market over the last decade, spreading across different environments and aiming to make life easier for EU citizens. The rail environment is undergoing a process of adaptation to new technologies and cannot ignore the power of IoT networks to build innovative solutions in that field.
The railway market is a regulated environment which must guarantee the safety and security of the rail systems deployed, by applying a set of rules clearly defined by the railway regulation organizations (i.e. CENELEC (European Committee for Electrotechnical Standardization, 2010)). In this context, the rail domain is an attractive market to develop wireless technologies which may replace classic wired systems with innovative solutions.
The Internet of Things (IoT), as one of the major enablers of the digital transformation trend in Europe, will enable both obtaining information from IoT systems and providing data to them. This is made possible by the robust use of wireless sensors and actuators. Moreover, these systems bring major benefits in use, such as increased flexibility, mobile applications, weight reduction, adaptability to change and, more recently, trustworthiness as a result of the projects described next.
The DEWI (Dependable Embedded Wireless Infrastructure) project was the starting point for demonstrating the feasibility of deploying wireless solutions for safety applications in the rail domain.
The SCOTT (Secure Connected Trustable Things) project continues the work of DEWI by implementing security and trustability in communications in several domains, including the rail sector. This project adds new end-to-end secured, trustworthy and interoperable wireless capabilities between trains (V2V communications) and between train and infrastructure (V2I/I2V communications) (X2Rail-1, 2018) to resolve the safety-related hazardous situations that can occur on typical rail lines. Moreover, the introduction of cloud-based platforms in the context of the SCOTT project improves the efficiency and reduces the cost of rail services.
These systems need to evolve continuously and adapt to their new environment while ensuring and increasing their trustworthiness, quality and user experience. The DevOps movement advocates a set of software engineering best practices and tools to ensure Quality of Service while continuously evolving complex systems, and to foster agility, rapid innovation cycles, and ease of use. Current DevOps solutions also lack mechanisms to ensure end-to-end security and privacy, mechanisms able to take into consideration open context and actuation conflicts, and mechanisms to perform continuous deployment and evolution of IoT systems across IoT, edge, and cloud spaces.
To solve this, the ENACT (Development, Operation, and Quality Assurance of Trustworthy Smart IoT Systems) project intends to introduce the DevOps movement by generating enablers for the monitoring of operations in a smart IoT systems context, addressing the aforementioned issues for IoT systems. Moreover, ENACT assesses the feasibility of IoT services in the domain of train control for the rolling stock and for on-track equipment logistics and maintenance, combining IoT architecture and platforms with cloud resources.
The Shift2Rail European initiative has launched several innovation programmes to accelerate the integration of new and advanced technologies into innovative rail product systems. In this context, one of the projects that makes use of wireless technologies is X2Rail-1 (Start-up activities for Advanced Signalling and Automation Systems). This project proposes, among other innovative solutions, the use of wireless communications in signalling systems, especially for the smart control of wayside objects (X2Rail-1, 2016).
Joining the efforts of the X2Rail-1, DEWI, SCOTT, and ENACT projects, Indra has designed and implemented a secure platform for the integration of new rail services that make use of IoT technologies. This platform covers edge data collection, wireless communication systems, and Cloud services. The present document explains the features of this platform and how it meets the security requirements for safety-related systems.
The document is organized in chapters to provide a complete view of the security aspects that a Rail IoT system requires: