ETCS KMC

An ETCS Key Management Centre (KMC) is a tool to help create and manage ETCS encryption keys (KMACs / KTRANSs / K-KMCs). These keys are necessary as part of the protocol for exchanging messages between on-board ETCS equipment and trackside ETCS equipment when operating in ETCS Level 2 and Level 3, and for securely transporting the keys to the ETCS equipment.

DARD Consulting Limited has developed an off-line KMC, which is used in the UK by Network Rail, that enables generation of SUBSET-114 and SUBSET-038 compliant messages that contain key management commands between the KMC and trains/RBCs and other KMCs. This tool has since been extended to also support on-line communications as per SUBSET-137.

Please get in touch if you would like to discuss use of this tool, would like a demonstration or if you need help with developing/verifying your own off-line or on-line key management solution.

Below are screen shots of the current version of the tool illustrating its capabilities.
Note that all ID/keys shown are randomly generated. Any connection with real IDs/keys is coincidental.

Create Transport Keys

Transport keys (KTRANS/K-KMC) can be created for RBCs, KMCs and trains. Create ETCS transport keys

Create KMACs

Keys can be created either between any 2 RBCs or between any RBC and any train. Create ETCS authentication keys

Export Keys

Once keys are created (and saved), keys can be exported either to the applicable RBC/train, or to another KMC. Export ETCS keys

Listen for on-line communications

When 'listening' the KMC responds to incoming communications from trains. Once connected and authenticated the KMC processes any pending commands to be sent to the train e.g. to add a new KMAC, to delete a KMAC. Listen for on-line communications