WO2019096610A1 - System and method for transmitting and receiving data for a rail vehicle - Google Patents

System and method for transmitting and receiving data for a rail vehicle

Info

Publication number
WO2019096610A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
test device
communication device
rail vehicle
security system
Prior art date
Application number
PCT/EP2018/080185
Other languages
German (de)
English (en)
Inventor
Georg Lohneis
Original Assignee
Siemens Mobility GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Mobility GmbH

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/088 Access security using filters or firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]

Definitions

  • The invention relates to a system for transmitting and receiving data, in particular for a rail vehicle, comprising at least one communication device for establishing a wireless data connection with an external communication device, at least one control device for processing and generating data, and at least one bus system connected in a data-conducting manner to the at least one control device. Furthermore, the invention relates to a method for transmitting and receiving data between an external communication device and at least one communication device of a rail vehicle.
  • Wireless communication connections between rail vehicles and base stations or external communication devices are protected.
  • Typical mechanisms for protecting such communication links are, for example, VPN tunnels and the use of firewalls.
  • Detection or attack detection known, which are used to protect the wireless communication links.
  • The object of the invention is to propose an improved method for protecting a control plane of a rail vehicle against access by third parties, and a secure system for transmitting and receiving data.
  • a system for transmitting and receiving data in particular for a rail vehicle, includes at least one communication device for establishing a wireless data connection to an external communication device.
  • The system has at least one control device for processing and generating data and at least one bus system connected in a data-conducting manner to the at least one control device.
  • The at least one communication device can be connected to the at least one bus system by at least one security system for checking and filtering received or transmitted data.
  • The at least one security system serves as protection in the data traffic between the external communication device and the at least one communication device of the rail vehicle.
  • Direct access to the control level of the rail vehicle can be prevented by the at least one security system, since the control level is decoupled from the at least one communication device via the at least one security system.
  • the external communication device may be, for example, a wireless communication device in a railway station, a mobile radio base station, or the like.
  • the at least one communication device of the rail vehicle can gain access to a network or an Internet via the wireless communication link.
  • the access can be done directly or via other external communication devices.
  • The at least one security system of the system according to the invention is preferably implemented as part of the rail vehicle and can protect at least one bus system, embodied as a control plane of the rail vehicle, from direct access by third parties, for example via the Internet.
  • the at least one security system preferably has filters and / or security protocols for checking and monitoring the received and transmitted data.
  • The security system may be constructed in the form of modular control devices or electronic components, or be executed as a software solution.
  • the respective filters or security protocols can be embodied as independently operating operating systems or virtual machines which can check and forward the received or transmitted data.
  • the at least one bus system can be designed, for example, as a wired and / or wireless network for connecting at least one control device.
  • the at least one control device may preferably be at least one control device for monitoring, regulating and controlling safety-related functions of the rail vehicle. Furthermore, the at least one control device can be used to control the rail vehicle. In contrast to the already known methods, in the system according to the invention the monitoring of the known protocols or interfaces and their contents must be implemented only once in the rail vehicle.
  • the attack protection of the control level and the relevant bus systems can be increased by this measure and the risk of intrusion of attackers into the vehicle control level can be effectively eliminated.
  • the at least one security system has an input interface and can be connected to the at least one communication connection via the input interface.
  • The input interface of the at least one security system can be embodied as hardware, for example in the form of a network card, USB connection and the like.
  • the input interface may be designed as software on a computer or control unit.
  • the input interface can be a virtual machine installed on the control unit and can receive the data of the at least one communication connection.
  • the data can preferably be received in a first instance from the input interface.
  • the input interface of the at least one security system has a firewall and / or attack detection.
  • the data transmitted via the communication connection to the rail vehicle or to the system can be checked by a firewall and / or intrusion detection before forwarding.
  • the received data can thus be subjected to a preliminary check in a first step. Subsequently, the received data can be forwarded to a first test device.
  • the at least one security system has a first test device connected in a data-conducting manner to the input interface for testing data received by the at least one communication device.
  • the first test apparatus may be configured as hardware or as software of a controller or a computer.
  • the first test device can for example be designed as a gateway or a protocol converter or converter or as a virtual machine in a control device of the rail vehicle.
  • the data forwarded by the input interface can be fed to the first tester.
  • the data is subjected to a filtering process.
  • the forwarded data is analyzed for validity by the first checking device.
  • Valid or allowed data or data packets can be forwarded or further processed by the first test device. Unauthorized data packets are sent back to the input interface by the first test device with an error message as the return value.
  • the at least one security system has a second test device connected to the first test device for receiving data checked by the first test device and for forwarding the checked data to the at least one control device via the at least one bus system.
  • Upon successful validation, the data analyzed by the first test device is forwarded or sent to a second test device. This can be done in the form of a hardware solution via a proprietary interface or via a secure line.
  • the data may be encrypted or encoded prior to transmission from the first tester.
  • the second test device can be configured analogously to the first test device as a virtual machine on a memory of a control device of the rail vehicle.
  • the first and the second test apparatus form separate and independent operating systems or virtual machines, which are executed on the control unit.
  • the data transmission can take place here via a protected protocol.
  • the second test device can decode or decrypt the transmitted data and thus convert it into a conventional data format which can be used by the at least one bus system and the at least one control device.
  • In the second test device, a further check or validity analysis of the received data can take place. After retesting, the data or data packets can be forwarded, for example, to the control level of the rail vehicle. The test can take the form of a filter process here.
  • The re-examination can create a further hurdle against unauthorized data, since the data packets are analyzed in the second test apparatus before being passed on to the management level of the rail vehicle. It can thus be ensured that only permitted data packets are forwarded to the at least one bus system or the control level. In this way, access by a third party can be prevented, since only valid data is forwarded to the control level or the at least one bus system.
  • knowledge of the structure of the proprietary protocol and of the security device must be available in order to be able to forward valid data packets to the management level.
  • the second test device has physical access to Ethernet interfaces of the at least one bus system or the control level of the rail vehicle.
  • the first test device and the second test device are each a data filter and / or a protocol converter.
  • a method for transmitting and receiving data between an external communication device and at least one communication device of a rail vehicle is provided.
  • data sent by the external communication device to the at least one communication device of the rail vehicle is received by an input interface of a security system and forwarded to a first checking device.
  • the data is then analyzed for validity by the first tester.
  • In the case of a positive validity analysis, the data is encoded by the first test device and transmitted to a second test device, whereby the transmitted coded data is decoded by the second test device and passed via the at least one bus system to at least one control device.
  • the data transmitted to the at least one bus system can be decoupled from the at least one communication device by the first and the second test apparatus.
  • a bidirectionally secure connection between the two test devices can be established in this way, which can technically easily prevent unauthorized access.
  • The two test devices can be hardware-based or software-based and thus, for example, embodied as part of a control unit of the rail vehicle or installed on a memory of the control unit.
  • A fault message is sent to the interface of the at least one security system in the case of a negative validity analysis by the first checking device.
  • The data is transmitted between the first checking device and the second checking device of the at least one security system via a proprietary interface. This allows a protected transmission to be realized, which cannot be manipulated by access from third parties.
  • The data generated by the at least one control device is transmitted via the at least one bus system to the second test device of the security system, then to the first test device, and via the interface following the first test device to the at least one communication device.
  • The data or data packets can thus be forwarded from the control level or the at least one bus system directly to the at least one communication device of the rail vehicle.
  • the sending and receiving of data packets can be decoupled from each other.
  • FIG. 1 shows a schematic representation of a rail vehicle with a system according to an exemplary embodiment of the invention.
  • FIG. 2 shows a schematic representation of the system according to the inventive embodiment.
  • FIG. 1 shows a schematic representation of a rail vehicle 1 with a system 2 for transmitting and receiving data according to an embodiment of the invention.
  • the rail vehicle 1 has a wireless communication connection to an external communication device 4.
  • the external communication device 4 is a base station of a mobile radio cell.
  • For establishing the wireless communication connection, the system 2 has an in-vehicle communication device 6 which is arranged on the rail vehicle 1.
  • The communication device 6 is embodied here as an antenna.
  • The system 2 has a security system 8, which connects a bus system 10 of the system 2 to the communication device 6 in a data-conducting manner. This can be implemented, for example, by Ethernet cables.
  • the security system 8 is configured as a control unit 8 arranged in the rail vehicle 1 and has a plurality of connections for connecting the communication device 6 and the bus system 10.
  • the bus system 10 is embodied as a control level of the rail vehicle 1 and connects a plurality of control devices 12, 14 via the security system 8 to the communication device
  • the control devices 12, 14 may be, for example, control devices for receiving and processing control commands or route shares.
  • Rail vehicle 1 interact or influence such functions.
  • The security system 8 serves to analyze and filter the data received by the communication device 6.
  • the bus system 10 can be protected by the security system 8 from access by a third party.
  • FIG. 2 shows a schematic representation of the system 2 according to the embodiment of the invention in detail.
  • The security system 8 has an input interface 16 for data-connecting the security system 8 to the communication device 6, a first test device 18 and a second test device 20 for filtering and analyzing data passed through the security system 8, and a proprietary connection 22 between the first test device 18 and the second test device 20.
  • the control level 10 can be decoupled from the communication device 6.
  • Said components 16, 18, 20, 22 of the security system 8 are implemented in hardware as a control device.
  • the input interface 16 receives the data at the input interface or at the communication device 6.
  • the data can be checked here by a firewall and intrusion detection before forwarding.
  • the received data is then forwarded to the first test device 18.
  • the first test device 18 serves as a filter and protocol converter. With a filter process, the data is analyzed by the first tester 18 for validity.
  • the transmission of the data from the first test device 18 to the second test device 20 can take place via a proprietary interface 22.
  • the transfer may preferably be carried out in a protected form.
  • the data can be coded or protected by a specific protocol transmitted to the second test device 20.
  • The second test device 20 converts the content of the packets or the data back into a standard data format and then, after re-testing, forwards the data to the control center level or the bus system 10.
  • The re-examination by a filtering process of the second checking device 20 is carried out to build a further hurdle in case unauthorized data packets are forwarded.
  • If data is generated by the control devices 12, 14, the data is forwarded in reverse order.
  • Four control devices 12, 14 are provided, wherein the number of control devices 12, 14 is vehicle-dependent and greater than or equal to one.
  • The data is transferred to the bus system 10 and then passed from the second test device 20 via the first test device 18 and the input interface 16 to the communication device 6. Thus, the sending and receiving of data packets is decoupled.
  • The attack protection of the control level is increased by this measure, thereby preventing, or at least making more difficult, the intrusion of attackers into the vehicle management level.
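
The receive path described above (validity analysis in the first test device, encoded transfer over the internal link, decoding and re-testing in the second test device, error message back to the input interface on rejection), modelled as an added Python example that is not part of the patent. The message types, the JSON format and the HMAC-tagged frame standing in for the undisclosed proprietary protocol are assumptions; the firewall and attack detection at the input interface are not modelled.

```python
import hashlib
import hmac
import json

# Constructed values for illustration; the patent names no message types or keys.
ALLOWED_TYPES = {"control_command", "status_request"}
LINK_KEY = b"constructed-demo-key"   # placeholder key for the internal link
MAX_BODY = 256                       # assumed limit on the serialized body, in characters


class Rejected(Exception):
    """A test device refused the data."""


def is_valid(packet):
    """Filter rule applied by both test devices (allow-list, not block-list)."""
    return (isinstance(packet, dict)
            and set(packet) == {"type", "body"}
            and isinstance(packet["type"], str)
            and packet["type"] in ALLOWED_TYPES
            and isinstance(packet["body"], dict)
            and len(json.dumps(packet["body"])) <= MAX_BODY)


def first_test_device(raw):
    """Parse and validate external data, then encode it for the internal link."""
    try:
        packet = json.loads(raw)
    except ValueError as exc:          # covers malformed JSON and bad UTF-8
        raise Rejected("unparseable data") from exc
    if not is_valid(packet):
        raise Rejected("packet not on allow-list")
    payload = json.dumps(packet, sort_keys=True).encode()
    return hmac.new(LINK_KEY, payload, hashlib.sha256).digest() + payload


def second_test_device(frame):
    """Decode a frame from the internal link and re-test it before the bus."""
    tag, payload = frame[:32], frame[32:]
    expected = hmac.new(LINK_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise Rejected("frame not produced by first test device")
    packet = json.loads(payload)
    if not is_valid(packet):
        raise Rejected("re-test failed")
    return packet


def security_system(raw, bus):
    """Input-interface view: forward to the bus or return an error message."""
    try:
        bus.append(second_test_device(first_test_device(raw)))
    except Rejected as why:
        return {"status": "error", "reason": str(why)}
    return {"status": "forwarded"}


if __name__ == "__main__":
    bus = []  # stands in for the control-level bus system
    for raw in (b'{"type": "status_request", "body": {"car": 3}}',  # constructed
                b'{"type": "firmware_write", "body": {}}',           # constructed
                b"not json"):
        print(raw, "->", security_system(raw, bus))
    print("bus:", bus)
```

Data that reaches the second test device without the first device's tag is rejected there, which is the decoupling property the description relies on: the bus only ever sees packets that passed both checks.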

Abstract

The invention relates to a system for transmitting and receiving data, in particular for a rail vehicle, comprising at least one communication device for establishing a wireless data connection with an external communication device, at least one control device for processing and generating data, and at least one bus system connected to said at least one control device so as to transfer data, wherein said at least one communication device can be connected to said at least one bus system via at least one security system for checking and filtering received or transmitted data. The invention further relates to a method for transmitting and receiving data.
PCT/EP2018/080185 2017-11-15 2018-11-05 System and method for transmitting and receiving data for a rail vehicle WO2019096610A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102017220371.4 2017-11-15
DE102017220371.4A DE102017220371A1 (de) 2017-11-15 2017-11-15 System and method for sending and receiving data

Publications (1)

Publication Number Publication Date
WO2019096610A1 (fr) 2019-05-23

Family

ID=64270847

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2018/080185 WO2019096610A1 (fr) 2017-11-15 2018-11-05 System and method for transmitting and receiving data for a rail vehicle

Country Status (2)

Country Link
DE (1) DE102017220371A1 (fr)
WO (1) WO2019096610A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102022206426A1 (de) 2022-06-27 2023-12-28 Siemens Mobility GmbH Method for securing a data connection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030154399A1 (en) * 2002-02-08 2003-08-14 Nir Zuk Multi-method gateway-based network security systems and methods
DE102011076350A1 (de) * 2011-05-24 2012-11-29 Siemens Aktiengesellschaft Method and control unit for detecting manipulation of a vehicle network
US20160301714A1 (en) * 2013-12-11 2016-10-13 Continental Teves Ag & Co. Ohg Method for operating a security gateway of a communication system for vehicles
US20170075835A1 (en) * 2014-03-20 2017-03-16 Audi Ag Control device in a motor vehicle, a motor vehicle, and a method for operating a control device

Also Published As

Publication number Publication date
DE102017220371A1 (de) 2019-05-16

Similar Documents

Publication Publication Date Title
EP3662601B1 (fr) Concept for unidirectional data transmission
DE102015002574B4 (de) Motor vehicle communication network with switch device
DE102005028663A1 (de) Method and device for secure communication of a component of a vehicle with an external communication partner via a wireless communication link
EP3295645B1 (fr) Method and system for feedback-free transmission of data between networks
DE102016206630A1 (de) Method and device for preventing manipulation of a data transmission
EP3688958B1 (fr) System and method for secure data transmission
EP2548358B1 (fr) Method for dynamic authorization of a mobile communication device
WO2019096610A1 (fr) System and method for transmitting and receiving data for a rail vehicle
DE10200681B4 (de) Temporary access authorization for accessing automation equipment
DE102020121540A1 (de) Determination device, determination system, storage medium storing a program, and determination method
WO2015062812A1 (fr) System with a safety function with supervisor
DE102019129628B3 (de) Method and control unit for detecting unauthorized data traffic in a packet-oriented data network of a motor vehicle, and corresponding motor vehicle
WO2020109200A1 (fr) Method for monitoring a data transmission system, data transmission system and motor vehicle
EP1548992B1 (fr) System for maintaining error-free communication in a data bus
EP3661830B1 (fr) Concept for monitoring network traffic entering an interlocking
EP3603011B1 (fr) Devices and method for operating mobile communication with a trackside device
EP2118708A1 (fr) Control system for a technical device
DE102016208869A1 (de) Method for operating a data processing device for a vehicle
EP3823235A1 (fr) Connection-specifically verified data transfer using a cryptographically authenticated network connection
DE102022209780A1 (de) Secure Ethernet-based communication between two controller area networks (CAN)
EP3700171A1 (fr) Verification and confirmation of the security configuration of network access on a rendezvous server
WO2017211933A1 (fr) Coupling of a mobile telephone device with a vehicle and monitoring of the coupling
WO2020069852A1 (fr) Method for securing a data packet by a switching center in a network, switching center and motor vehicle
WO2018083159A1 (fr) Method and device for operating a vehicle on-board network, computer program and computer program product
WO2016116207A1 (fr) Electronic control device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18800566

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18800566

Country of ref document: EP

Kind code of ref document: A1