Digital Rail Summer School: Hacking RaSTA

The RaSTA protocol plays an important role in the data exchange of modern digital interlockings. But does the protocol also offer protection against cyber attacks?
In a hackathon together with students from Hasso Plattner Institute and the University of Passau we are challenging the security specification of RaSTA. In a laboratory environment we attack the IT security properties of the RaSTA protocol stack and gain valuable experience in protecting digital signaling technology. We use the open source RaSTA implementation available on Github.

 

Customer Feedback:

Mario Freund (HPI Student): “As students, we could only benefit from working with INCYDE. We had the opportunity to apply our knowledge from the lectures in practice and to get detailed feedback from security experts. It was particularly good to see that experts from different domains come together at INCYDE and therefore have specialist knowledge from both the area of railway operations and IT security. This is unique in this industry and a huge advantage.”

 

Challenges:

In order to understand and analyze the RaSTA transport protocol, it is necessary to consider the overall context in which RaSTA is used. An isolated consideration based on the protocol specification does not lead to a meaningful result when answering the following key questions:

  • How does modern digital technology affect railway signalling?
  • Digital interlockings utilize standard communication technology: Ethernet, UDP, RaSTA
  • How can railway operational technology be protected from cyberattacks?

 

Results:

The investigation of RaSTA was carried out by a group of motivated students, who used an open source RaSTA implementation and a complete, simulated interlocking environment consisting of interlocking logic, dispatcher workplace and representation of the field elements (points and signals).

  • Hackathon with Students from HPI and Uni Passau
  • Investigate RaSTA’s Security Properties:
    • Full protocol stack context (Ethernet, UDP, RaSTA, SCI-X)
    • Replay attacks
    • Message forgery
  • Analyze Alternatives to Protect the Protocol Stack:
    • TLS, dTLS
    • Effect of TLS vulnerabilities (e.g., Heartbleed)
Back