AES-CMAC decrypting for encrypted communications
Brief
Perform automatic decryption checks on PVS (Ethernet protocol for communication between railway equipment) frames encrypted according to AES and CMAC coding levels.
Project challenge
Create a software tool, independent of the signalling equipment’s application software, which enables verification of the latter’s correct application of encryption and decryption algorithms for encrypting vital information.
Solution
NIER proposed and created two stand-alone software solutions (T3 tools according to the CENELEC 50128 standard) to be applied to the Process Software Validation process in order to verify the mitigation of hazard threats.
Execution phases
Analysis of the algorithms implemented by the application software.
Bibliographic analysis of the state of the art of the CMAC and AES crypting algorithms.
Identification of alternative algorithms to those of the process software to ensure software diversity of the proposed solution.
Software testing according to encrypting reference standards and those laid down in CENELEC 50128 (white-box and black-box tests for T3 validation).
Software validation on Ethernet frames produced by operational equipment.
Drafting of the documentation necessary for the validation of the released T3 tool.
Achieved results
Thanks to the SW developed by NIER, the client was able to detect the successful mitigation of a critical issue related to the process software that could allow the intrusion and alteration (malicious subject) of vital information exchanged between railway signalling equipment.
This reduced the time required to validate the application software compared to a traditional approach based on functional analysis alone, which would have provided only statistical confidence that the countermeasure had been correctly implemented for the hazard detected.