Abstract
The three-key Triple Data Encryption Algorithm (Triple Data Encryption Algorithm is also known in the literature as Triple-Des, or Triple DEA or TDEA) (3Des ) is a symmetric encryption algorithm currently used in the European Traffic Management System (ERTMS) for integrity and authentication purposes. In a recent publication [1], 3Des has been withdrawn in favour of Advanced Encryption Standard (AES ) [2] (The National Institute for Science and Technology (NIST) standard [1] allows to both algorithms can be used for specific purposes until 2030 with the intention of gradually phasing out 3Des towards AES ). In this paper, we have investigated, from a practical point of view, known attacks to 3Des and proved that, in order to carry out such attacks, a disproportionate amount of hardware and money would be necessary. In practical terms this means that these attacks do not represent a realistic risk.
In our work we assume that basic security measures have been taken in the implementation such as: 3Des does not leak any information and a cryptographically secure random number generator for production of the keys is used.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Movement authorities are automatically negotiated at ETCS Level 2 and ETCS Level 3.
References
National Institute of Standards and Technology (NIST): Recommendation for the triple data encryption algorithm (TDEA) block cipher. Technical report (2012)
National Institute of Standards and Technology (NIST): Announcing the advanced encryption standard (AES) (2001)
National Institute of Standards and Technology (NIST): Data encryption standard (des) (1999)
SciEngines: Break Des in less than a single day (2009). http://www.sciengines.com/company/news-a-events/74-des-in-1-day.html
Kelsey, J., Schneier, B., Wagner, D.: Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237–251. Springer, Heidelberg (1996)
Merkle, R.C., Hellman, M.E.: On the security of multiple encryption. Commun. ACM 24(7), 465–467 (1981)
Bloomfield, R., Bloomfield, R., Gashi, I., Stroud, R.: How secure is ERTMS? In: Ortmeier, F., Daniel, P. (eds.) SAFECOMP Workshops 2012. LNCS, vol. 7613, pp. 247–258. Springer, Heidelberg (2012)
Capra, G.S.: Protecting critical rail infrastructure. Technical report (2006)
Baldoni, R. et al.: Critical infrastructure protection: threats, attacks, and counter-measures. Technical report (2014)
European Railway Agency: Unisig subset-037, euroradio fis. Technical report (2014)
European Railway Agency: Unisig subset-038, offline key management fis. Technical report (2015)
National Institute of Standards and Technology (NIST): Recommendation for block cipher modes of operation (2001)
European Railway Agency: Subset-114, kmc-etcs entity off-line km fis. Technical report (2015)
Menezes, A., Van Oorschot, P.C., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
Traverso, M.: Presto: interacting with petabytes of data at facebook (2013)
Hill, K.: Blueprints of nsa’s ridiculously expensive data center in utah suggest it holds less info than thought. Forbes (2013)
National Institute of Standards and Technology (NIST): Recommendation for key management - part 1: general (revision 3) (2012)
Taherkhani, S., Ever, E., Gemikonakli, O.: Implementation of non-pipelined and pipelined data encryption standard (des) using xilinx virtex-6 fpga technology. In: IEEE 10th International Conference on Computer and Information Technology (CIT 2010), pp. 1257–62, Los Alamitos, CA, USA, Engineering Information Science, Middlesex University, London, United Kingdom. IEEE Computer Society (2010)
McLoone, M., McCanny, J.V.: A high performance fpga implementation of des. In: IEEE Workshop on Signal Processing Systems Design and Implementation, SiPS 2000, pp. 374–83, Piscataway, NJ, USA, School of Electrical and Electronics Engineering, Queen’s University Belfast, Belfast, UK. IEEE (2000)
Teo, P.C., Yusoff, Z.M., Sha’ameri, A.Z.: Implementation of pipelined data encryption standard (des) using altera cpld. In: Intelligent Systems and Technologies for the New Millennium, TENCON Proceedings, vol. 3, pp. 17–21, Piscataway, NJ, USA, Faculty of Electrical Engineering, University of Teknologi Malaysia, Johor Bahru, Malaysia. IEEE (2000)
Pépin, F.: A probabilistic framework for 3des to assess railway systems cyber threats (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Pépin, F., Vigliotti, M.G. (2016). Risk Assessment of the 3Des in ERTMS. In: Lecomte, T., Pinger, R., Romanovsky, A. (eds) Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification. RSSRail 2016. Lecture Notes in Computer Science(), vol 9707. Springer, Cham. https://doi.org/10.1007/978-3-319-33951-1_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-33951-1_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-33950-4
Online ISBN: 978-3-319-33951-1
eBook Packages: Computer ScienceComputer Science (R0)