INTERNSHIP - Securing an embedded device compliant to international security norms used in Railway

Domain
Engineer - Research
Market
Rail
Location

Izegem, Belgium

Televic Rail

With over 30 years of experience in designing, manufacturing and maintaining on-board communication and control systems, Televic Rail is a leading, trusted partner for railway operators and train builders worldwide.

Its Passenger Information Systems and Control Systems are high quality, tailor-made solutions that offer the flexibility, user-friendliness and stability that our clients ask for. Our various types of on-board control systems such as our bogie monitoring systems are innovative yet reliable products which are designed specifically for the railway business.

Trains and trams all around the world are equipped with Televic Rail solutions, from New Zealand to Canada, from China to the United States, from India to Belgium, England and France.

Topic

Cybersecurity in Operational Technology (OT) has become an important topic now all devices become interconnected. Security standards help prioritize and guide the implementation of cybersecurity measures.

IEC 62443 is an international series of standards that address cybersecurity for operational technology in automation and control systems. In this project the technical requirements of the security standard should be applied to one of the Televic GSP devices, and all services running on it.

The device which would be used in this project is an ICOM device (photo: https://confluence.televic.com/download/attachments/224929757/Box-pc.pn…).

This is a Passenger Information System device in the train which is responsible for:

* Train-to-wayside connectivity: This device runs software to connect the train network with cloud services via LTE/WiFi

* Central train server: This device host media (video, images, real-time data for example bus connections) for other Passenger Information Systems in the train network (for example: TFT displays in the train which show passenger announcements during the train trip)

As a master thesis:

1. Evaluate the current state of the ICOM device on each of the security requirements of IEC62443-4.

2. Perform a gap analysis to make the device compliant the Security Level 2 of the IEC 62443-4 standard

3. Propose and implement fixes for each of the security requirements. Some examples:

* Add authentication on microservices coupled to Linux PAM

* Provide authorization on API's

* Configure SSL via Nginx

* OS (Debian) hardening

* Adding security logging in system log

* etc.

As an internship:

The focus of this project is limited to proposing and implementing fixes for a set of security requirements. The security improvements are on Operating System level (Linux Debian), application level (for example in Java applications, REST apis, scripts ...) and on hardware (for example boot procedure)...

If you are interested in this topic, please also register this on the Televic website at: https://www.televic.com/en/careers/internships-and-students so we can confirm the topic is still available.

 

Specifics

  • Level: Academic Master/Master
  • Specialty: Embedded/ Software
  • Type of work: Research 30%, Implem. 40%, Experim. 30%
  • Location: Televic/University
  • Type of activities: Design, Experimenting, Literature study, Programming
  • Number of students: 1 or 2

APPLY HERE!

Personal information
How would you like us to contact you?
Profile
Browse
One file only. 15 MB limit. Allowed types: pdf, docx, doc.
Browse
One file only. 15 MB limit. Allowed types: pdf, docs, doc.
Extra information
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.