Title: TELEMATICS IN COMMUTER RAIL An Application at New Jersey Transit
1 TELEMATICS IN COMMUTER RAIL: An Application at New Jersey Transit
- APTA Rail Transit Conference
- June 10, 2002
- Baltimore, Maryland
Presented by
Christopher J. Holliday, P.E. - STV Incorporated
Fred Woolsey - LTK Engineering Services
2 Summary
- Overview of Relevant Technology
- Brief Overview of System Architecture
- Features and Functionality
- What Will This Technology Do for NJT?
3 Convergence Railway Industry and Technology
Courtesy BOMBARDIER Transportation
4 MITRAC Remote System Key Features
Courtesy BOMBARDIER Transportation
5 System Architecture
6 On-Board Architecture
7 ALP 46 Locomotive
8 Comet V Cab Car
9 Real-Time Status
10 Train Information - Operator
11 Train Information - Conductor
12 TWC Overview
13 TWC IT Architecture
14 RCU Architecture
15 MITRAC Remote Architecture
16 Ground Station Software Architecture
17 Security Concerns
- Man-in-the-middle attack (eavesdropping)
- WEP cracking → exposed data
- Drive-by hacking
- Falsified data
- Rogue access points
- Unauthorized access
- Exploit remote server vulnerabilities
- Gain access to NJT corporate network
18 Security Solutions
- Centrally managed, mutual authentication between mobile client and access point.
  - Server: RADIUS, LDAP
  - Authentication: EAP, LEAP
- Improved WEP technology.
  - Per-session keys
  - Key expiration
- Virtual private network (VPN) with encryption between mobile client and ground station on wired LAN.
  - VPN protocols: PPTP, L2TP, IPSec
  - Authentication: MS-CHAP v2, IKE
  - Encryption technologies: RC4, MPPE, AES
- Firewall between access point and wired LAN.
19 Cisco Aironet 350 EAP Authentication
20 Authentication Summary
21 NJT Implementation
22 MITRAC Remote System Key Benefits
Courtesy BOMBARDIER Transportation
23 MITRAC Remote System Functionality
Functions
- Fleet Management
- Maintenance and Diagnostics
- Administration
- Communication Management
Courtesy BOMBARDIER Transportation
24 MITRAC Remote Services: Administration
Courtesy BOMBARDIER Transportation
25 MITRAC Remote Services: Communication Management
Courtesy BOMBARDIER Transportation
26 MITRAC Remote Services: Fleet Management
Courtesy BOMBARDIER Transportation
27 MITRAC Remote Services: Maintenance and Diagnostics
Courtesy BOMBARDIER Transportation
28 Screen Shots
29 Courtesy BOMBARDIER Transportation
30 Courtesy BOMBARDIER Transportation
31 Courtesy BOMBARDIER Transportation
32 What Can NJT Do With This Data?
- Better Labor Utilization
- Better Planning - Short and Long Term
- Better Troubleshooting
- Efficiency Improvements
- More Objective Data Analysis
- Better Train Location Information
- Do More With Less: Maximize Available Resources
33 Labor Utilization
- Data Gathering
  - Ridership surveys
  - HVAC surveys
  - Car/Train Location - System and Yards
  - Advance diagnostic information
  - Updates to Information Sign Databases
- Remote Troubleshooting
  - Train Crew - DTN
  - Wayside Based Techs - RDS
34 Planning
- Ridership Information from PLD
- Identify small changes in Ridership Trends
- Size Train Correctly
- Allow Crew to Appropriately Zone the Train
- Introduction of Database Analyst Function
35 Troubleshooting
- Real-time View of What is Happening on the Equipment
  - From the Wayside
  - From the Internet
- Download or View of Health Status of Vehicle Subsystems
36 Thank You!
37 A350 Authentication Sequence
- The sequence of events is as follows:
  - A mobile client associates with an access point.
  - The access point blocks all attempts by the client to gain access to network resources until the client logs on to the network.
  - The client supplies a pre-defined username and password.
38 Authentication Sequence (cont.)
- Using 802.1X and EAP, the mobile client and a RADIUS server on the wired LAN perform a mutual authentication through the access point. With Cisco authentication (LEAP), the following occurs:
  - The RADIUS server sends an authentication challenge to the client.
  - The client uses a one-way hash of the user-supplied password to fashion a response to the challenge and sends that response to the RADIUS server.
  - Using information from its database, the RADIUS server creates its own response and compares that to the response from the client.
  - Once the RADIUS server authenticates the client, the process repeats in reverse, enabling the client to authenticate the RADIUS server.
39 Authentication Sequence (cont.)
- When mutual authentication is successfully completed, the RADIUS server and the client determine a WEP key that is distinct to the client and provides the client with the appropriate level of network access. The client loads this key and prepares to use it for the logon session.
- The RADIUS server sends the WEP key, called a session key, over the wired LAN to the access point.
40 Authentication Sequence (cont.)
- The access point encrypts its broadcast key with the session key and sends the encrypted key to the client, which uses the session key to decrypt it.
- The client and access point activate WEP and use the session and broadcast WEP keys for all communications during the remainder of the session.
41 Authentication Sequence (cont.)
- The mobile client and the ground station establish a VPN tunnel over the WAN and wireless LAN link, using the authentication and encryption associated with the particular VPN solution (e.g., PPTP with MS-CHAP v2 and MPPE).
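The mutual challenge-response handshake and per-session key of slides 37 to 41, modelled in Python as an added example that is not part of the presentation, not Cisco LEAP's real construction and not the NJT system's code. HMAC-SHA256 over a one-way password hash stands in for LEAP's MS-CHAP/DES response function, the broadcast-key wrapping is an illustrative XOR keystream rather than WEP's RC4, and every username, password and key is a constructed sample value. The failed-authentication cases show why the reverse direction matters against the rogue access point concern on slide 17.

```python
# Added illustration: HMAC-SHA256 stands in for LEAP's real MS-CHAP/DES response.
import hashlib
import hmac
import os

def password_hash(password: str) -> bytes:
    """One-way hash of the user-supplied password; the only shared secret."""
    return hashlib.sha256(password.encode()).digest()

def challenge_response(pw_hash: bytes, challenge: bytes) -> bytes:
    """Response to a challenge, keyed by the password hash without revealing it."""
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()

class RadiusServer:
    """Holds the user database (username -> password hash) used on slide 38."""
    def __init__(self, users: dict[str, str]):
        self.db = {u: password_hash(p) for u, p in users.items()}

    def expected(self, user: str, challenge: bytes):
        pw_hash = self.db.get(user)
        return None if pw_hash is None else challenge_response(pw_hash, challenge)

class MobileClient:
    """Train-side client holding only the hash of the pre-defined password."""
    def __init__(self, user: str, password: str):
        self.user, self.pw_hash = user, password_hash(password)

    def respond(self, challenge: bytes) -> bytes:
        return challenge_response(self.pw_hash, challenge)

def mutual_authenticate(client, server, rng=os.urandom):
    """Both directions of slide 38; returns a per-client session key or None."""
    # 1. Server challenges the client and compares against its own computation.
    c1 = rng(16)
    if not hmac.compare_digest(client.respond(c1), server.expected(client.user, c1) or b""):
        return None
    # 2. Reverse: client challenges the server, so a rogue AP/server cannot pass.
    c2 = rng(16)
    if not hmac.compare_digest(server.expected(client.user, c2) or b"", client.respond(c2)):
        return None
    # 3. Both sides derive the same key, distinct per session (slide 39).
    return hmac.new(client.pw_hash, b"session-key" + c1 + c2, hashlib.sha256).digest()

def wrap_broadcast_key(broadcast_key: bytes, session_key: bytes, nonce: bytes) -> bytes:
    """Slide 40: the AP encrypts its broadcast key under the session key.
    XOR with an HMAC-derived keystream is illustrative only; the same call unwraps."""
    pad = hmac.new(session_key, b"bcast" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(broadcast_key, pad[:len(broadcast_key)]))
```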
42 Relevant Technologies
- IEEE 802.11b (WiFi) Wireless LAN
- Cellular Digital Packet Data (CDPD)
- Point-to-Point Tunneling Protocol (PPTP) - RFC 2637
- Extensible Authentication Protocol (EAP) - RFC 2284
- Challenge-Handshake Authentication Protocol (CHAP) - RFC 1994
- MS-CHAP version 2 - Internet-Draft "EAP MS-CHAP-V2"
- Microsoft Point-to-Point Encryption Protocol (MPPE) - RFC 3078
43 Presentation Contents
- Convergence Railway Industry and Technology
  - System Key Features
  - System Benefits
- System Architecture
  - Overall Architecture
  - Software Architecture
    - Ground Station
    - Mobile Station
- System Functionality (Services)
  - Administration
  - Communication Management
  - Fleet Management
  - Maintenance and Diagnostics
- System in Action