Publications

An overview of papers and publications I have been accepted and published in.

RSSRAIL 2016 - "A Formal Security Analysis of ERTMS Train to Trackside Protocols"

Tom Chothia, Joeri de Ruiter and Richard J. Thomas

This paper works to provide a formal security analysis of not only the EuroRadio protocol but also models the counter-based timestamps and assesses the relative security of it, making recommendations where required.

More information on this paper can be found here.

ASIACCS 2017 - "An Attack Against Message Authentication in the ERTMS Train to Trackside Communication Protocols"

Tom Chothia, Mihai Ordean, Joeri de Ruiter and Richard J. Thomas

This paper details an attack against the ERTMS MAC Algorithm, a modified DES-based version of the ISO9797 MAC Algorithm 3. We analyse this MAC algorithm in detail, and provide details on potential weaknesses, and makes appropriate recommendations.

More information on this paper can be found here.

USENIX ASE 2017 - "Jail, Hero or Drug Lord? Turning a Cyber Security Course Into a 11 Week Choose Your Own Adventure Story"

Tom Chothia, Sam Holdcroft, Andreea-Ina Radu and Richard J. Thomas

This paper presents the results of running a gamified story as part of the teaching of undergraduate students in an introductory cybersecurity course taught at the University. We show how results improved for those taking part in the story and how it may be applied to other courses.

More information on this paper can be found here.

ACSAC 2017 - "TRAKS: A Universal Key Management Scheme for ERTMS"

Richard J. Thomas, Mihai Ordean, Tom Chothia and Joeri de Ruiter

This paper presents a new Key Management Scheme for use in ERTMS and wider applications on the railways. Here, we present TRAKS, a backwards-compatible, post-quantum key management scheme that reduces the complexity of key management on the railways, while enabling Infrastructure Managers to protect EuroBalise payloads which are currently unauthenticated. To our knowledge, we provide the first formal definition of ERTMS Key Generation and define TRAKS as a framework for implementation on the railways and in ICS Settings.

More information on this paper can be found here.