Y. Wu, Z. Wei, J. Weng and R. H. Deng, "Position Manipulation Attacks to Balise-Based Train Automatic Stop Control," in IEEE Transactions on Vehicular Technology, vol. 67, no. 6, pp. 5287-5301, June 2018. doi: 10.1109/TVT.2018.2802444
Balise is a popular wayside device to provide accurate location information for subway station parking by sending telegrams to passing trains. By craftily disturbing wireless signals of balise telegrams, this paper proposes three attacks which may make passengers fall and even cause injury. Concretely, the first attack is to jam telegrams such that balises can not be detected by a passing train; the second attack changes the location of transmitting telegrams by jamming and replaying; and the third attack is to change the total time of transmitting telegrams. All the attacks exploit the train localization mechanism such that a passing train localizes its position inaccurately and then takes improper control actions. Furthermore, since these attacks are
independent, they can be launched at the same time to achieve advanced attacks. As the attacks do not require to tamper with the balises, they can be launched easily. Our simulations demonstrate the effectiveness of the proposed attacks. To defeat these attacks, the received telegrams need be verified by a train based on fidelity of telegram data.
National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate.