TRAKS: A Universal Key Management Scheme for ERTMS
This paper presents a new Key Management and Distribution Scheme for use in the European Rail Traffic Management System (ERTMS). Its aim is to simplify key management and improve cross-border operations through hierarchical partitioning. The current scheme used in ERTMS involves the creation and distribution of 3DES keys to train and trackside entities, which are then used as part of the EuroRadio Protocol to provide message authentication. It requires distributing tens of thousands of keys using portable media, which places a prohibitively high burden on management and resourcing. We present a symmetric key solution, TRAKS, which has the benefit of being backwards compatible with the current ERTMS standard and being post-quantum secure. This new scheme additionally reduces the number of cryptographic keys in circulation, while maintaining the current security model. This is achieved by introducing line secrets, from which, combined with the IDs of the train and the signalling system, keys can be derived dynamically. This scheme also has the benefit of adding authentication to the location and track profile data provided to trains using EuroBalises.
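The derivation idea in the abstract, as an added sketch that is not the TRAKS authors' construction: it assumes HMAC-SHA-256 as the key derivation function, a two-step derivation (line secret, then per-signalling-system secret, then per-train key), and truncation to a 24-byte 3DES-sized key. All function names, labels, IDs and the secret are constructed for illustration.

```python
import hashlib
import hmac

KEY_LEN = 24  # size of a three-key 3DES key in bytes (parity bits ignored here)


def prf(key: bytes, label: bytes) -> bytes:
    """Assumed PRF: HMAC-SHA-256. The abstract does not name the function."""
    return hmac.new(key, label, hashlib.sha256).digest()


def signalling_secret(line_secret: bytes, rbc_id: bytes) -> bytes:
    """Secret installed in one trackside signalling system (hypothetical step)."""
    return prf(line_secret, b"rbc|" + rbc_id)


def train_key(rbc_secret: bytes, train_id: bytes) -> bytes:
    """Pairwise key for one train, derived on demand by the signalling system."""
    return prf(rbc_secret, b"train|" + train_id)[:KEY_LEN]


def provision_train(line_secret: bytes, train_id: bytes, rbc_ids: list) -> dict:
    """Key-management side: compute the keys a train needs for one line.

    The train receives only these derived keys, never the line secret or a
    signalling system's secret, so a compromised train exposes its own keys only.
    """
    return {
        rbc_id: train_key(signalling_secret(line_secret, rbc_id), train_id)
        for rbc_id in rbc_ids
    }


# Constructed sample values, not real ERTMS identifiers or key material.
LINE_SECRET = bytes(range(32))
RBC_IDS = [b"\x00\x10\x01", b"\x00\x10\x02"]
TRAIN_A, TRAIN_B = b"\x0a\x00\x01", b"\x0a\x00\x02"

if __name__ == "__main__":
    train_side = provision_train(LINE_SECRET, TRAIN_A, RBC_IDS)
    # Trackside stores one secret and derives the key when the train announces its ID.
    rbc_side = train_key(signalling_secret(LINE_SECRET, RBC_IDS[0]), TRAIN_A)
    print("keys agree:", hmac.compare_digest(train_side[RBC_IDS[0]], rbc_side))
    print("key length:", len(rbc_side))
```

The signalling system keeps a single secret per line instead of one stored key per train, which is where the reduction in distributed key material comes from in this sketch.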