Digitalized key management in the railway sector
Information
Author: Fredrik Fleron
Estimated completion: 2024-06
Supervisor: Karin Bucht
Supervisor's company/institution: Trafikverket
Subject reviewer: Anders Arweström Jansson
Other: -
Presentation
Presenter: Fredrik Fleron
Presentation time: 2024-05-24 09:15
Opponent: Joel Thyberg
Abstract
The key management system for ERTMS is for now governed by an archaic offline solution,
where people transport these keys between the entities and the key management center using
devices such as CD- or USB-drives. The proposed online solution can instead also provide
transport of keys using the industrial standard Transport Layer Security (TLS) protocol. This thesis
aims to provide insight for the Swedish railway operators in the components that govern an
implementation of such a cryptographic key management system, in terms of the mandatory
technological parts and organizational roles in this socio-technical system. Since the railway
companies can be seen as the users of this system, the thesis highlights the complexity regarding
fulfilling these security requirements from a user perspective. The results show a conflict of
security and efficiency of the offline system, where the security requirements do not reflect the
needs of the users and as such lower the efficiency due to lowered usability. The results highlight
that a successful implementation of an online system is desired from a usability standpoint of the
user. Furthermore, a complete online key management system cannot be established until the
centralized European public key infrastructure has been developed. Ambiguity in an online
solution still exists, but is in continuous development and with higher security requirements to
come deriving from IEC 62443. For well-functioning ERTMS on a European level, this thesis
shows that a minimum security requirement for a cryptographic key management system should
be established to avoid ambiguity and autonomy in the security requirements of different
European countries. In conclusion, in the near future smaller operators are recommended to
acquire an online system as a service, from for example its current supplier, and for bigger
operators to evaluate whether to do the same or develop its own key management system and
provide it as service for other railway operators. This key management system should include
parts such as a Public Key Infrastructure (PKI), a Key Management Center (KMC), TLS, back-up
of the system, a logging system, utilize hardware security modules (HSM) to handle
cryptographic material and have staff covering the organizational requirements.