Even Greater Rail Safety: ETCS Key Management Center for ÖBB Modernized
The Key Takeaways
- The ETCS Key Management Center for ÖBB Infrastruktur AG was modernized to centrally manage secure key administration in railway operations.
- The system provides a reliable foundation for secure communication between vehicles and infrastructure, supporting interoperability and compliance with European railway standards.
- Online Key Exchange according to ETCS Subset-137, including TLS specifications, PKI/X.509 and OCSP, was successfully implemented in collaboration with the RBC manufacturer.
- In addition, a self-service portal for railway undertakings (EVUs) was implemented to handle key requests and vehicle management efficiently and transparently.
For ETCS to operate reliably in day-to-day railway operations, a secure foundation for data exchange between train and track is essential: digital cryptographic keys that secure communication between the OBU (On-Board Unit) and the RBC (Radio Block Centre). The ETCS Key Management Center (KMC) centrally manages the entire key lifecycle – from request and provisioning to complete traceability.
Evolit modernized and enhanced this KMC for ÖBB, ensuring that security, compliance with standards and practical operational workflows work seamlessly together for all stakeholders involved.

Initial Situation & Challenges: Complex Standards, Multiple Stakeholders, One Critical Process
In the ETCS ecosystem, multiple roles interact: infrastructure managers, vehicle owners and railway undertakings (EVUs). To ensure smooth operations, key processes must not only be “maximally secure” but also designed to function reliably in daily operations without requiring manual workarounds.
The core challenge of the KMC project was to implement a technically highly complex subject in a way that ensures operational stability while fully complying with all standards.
From a technical perspective, the project involved a comprehensive further development of the existing system, with a strong focus on interoperability and current specifications. Particularly demanding was the design and implementation of the European requirements for Online Key Exchange according to ETCS Subset-137, including the associated TLS requirements.
At the same time, existing (partly proprietary) RBC interfaces from the legacy system had to be maintained, key data had to be stored securely and consistently, and the solution had to be integrated seamlessly into ÖBB’s network and authentication landscape (Identity Provider). In addition, the self-service offering for EVUs/vehicle owners needed to be embedded in a way that ensured end-to-end traceability and operational robustness for key requests, provisioning and status tracking.
Analysis & Approach: Iterative Implementation of ETCS Specifications and User-Friendly Workflows
To implement the requirements precisely, the target vision, process logic and necessary adjustments were developed jointly with ÖBB in iterative specification workshops. The focus was on clearly defined workflows: from key request and processing in the infrastructure KMC to secure provisioning in the EVU portal, including status visibility, permissions and full traceability.
Architecture and implementation followed two clearly defined perspectives:
- Infrastructure KMC: Central key operations, processing and integration with RBCs
- On-board KMC / EVU Portal: Self-service for vehicle management and key requests (“Home-KMC as a Service”)
A modern, scalable web architecture was implemented: the frontend is built as a multilingual Angular single-page application, the backend is based on Java Spring Boot, and PostgreSQL is used as the database.
In addition, core operational and security aspects were embedded directly into the solution – including Identity Provider integration for authentication and authorization, secure storage of key data, and audit-ready traceability through long-term log retention and analysis within ÖBB’s central logging solution.
To ensure stable operation in the ETCS environment, the system also supports online interfaces with monitoring, locking mechanisms that prevent conflicting key operations, functions such as re-initialization, and geo-redundant RBC setups.
Results & Benefits: Secure ETCS Key Management with Subset-137 Online Key Exchange and Audit-Ready Operations

With the modernization of the KMC, key management within the ETCS environment was not only technically updated, but above all made operationally robust, scalable and audit-ready. In practical terms, this means less manual effort, clearer processes and a reliable foundation for operating ETCS communication securely and interoperably over the long term.
Tangible benefits in daily operations: Key processes – from request to provisioning – run end-to-end and with full traceability, reducing sources of error and shortening processing times. At the same time, the central platform provides full transparency regarding status, permissions and responsibilities, significantly facilitating collaboration between infrastructure managers and EVUs.
Measurably enhanced security and compliance: Complete traceability, long-term log retention and evaluable audit trails enable key operations to be clearly verified even retrospectively. This improves audit reliability and supports both internal and external audit and compliance requirements without creating additional manual documentation overhead.
Interoperability and future readiness: The implementation of current standards, including Online Key Exchange according to ETCS Subset-137, strengthens connectivity within the European ETCS ecosystem and reduces integration efforts with interface partners. This makes the solution a resilient foundation for extensions, additional vehicle fleets and growing requirements in ETCS operations.
Risk minimization through phased rollout: The implementation was carried out in multiple releases, allowing new features to be validated under real operating conditions and deployed with minimal risk. This is a decisive success factor for mission-critical systems in live railway operations.
Close coordination between the infrastructure manager, system manufacturers and EVUs, as well as a shared understanding of regulatory and operational requirements, were key success factors.