Return to search

Digitaliserad nyckelhantering inom järnvägen : Krypteringsnyckelhantering inom digitaliserad järnväg med ett järnvägsoperatörsperspektiv

The key management system for ERTMS is for now governed by an archaic offline solution,where people transport these keys between the entities and the key management center usingdevices such as CD- or USB-drives. The proposed online solution can instead also providetransport of keys using industrial standard Transport Layer Security (TLS) protocol. This thesisaims to provide insight for the Swedish railway operators in the components that govern animplementation of such a cryptographic key management system, in terms of the mandatorytechnological parts and organizational roles in this socio-technical system. Since the railwaycompanies can be seen as the users of this system, the thesis highlights the complexity regardingfulfilling these security requirements from a user perspective. The results show a conflict ofsecurity and efficiency of the offline system, where the security requirements do not reflect theneeds of the users and as such lower the efficiency due to lowered usability. The results highlightthat a successful implementation of an online system is desired from a usability standpoint of theuser. Furthermore, a complete online key management system cannot be established yet until thecentralized European public key infrastructure has been developed. Ambiguity in an onlinesolution still exists, but is in continuous development and with higher security requirements tocome deriving from IEC 62443. For well-functioning ERTMS on a European level, this thesisshows that a minimum security requirement for a cryptographic key management system shouldbe established to avoid ambiguity and autonomy in the security requirements of differentEuropean countries. In conclusion, in the near future smaller operators are recommended toaquire an online system as a service, from for example its current supplier, and for biggeroperators to evaluate whether to do the same or develop its own key management system andprovide it as service for other railway operators. This key management system should includeparts such as a Public Key Infrastructure (PKI), a Key Management Center (KMC), TLS, backup of the system, a logging system, utilize hardware security modules (HSM) to handlecryptographic material and have staff covering the organizational requirements.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:uu-528774
Date January 2024
CreatorsFleron, Fredrik
PublisherUppsala universitet, Avdelningen Vi3
Source SetsDiVA Archive at Upsalla University
LanguageSwedish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess
RelationUPTEC STS, 1650-8319 ; 24005

Page generated in 0.0016 seconds