ACCESS
Review Article
Volume 2, Article ID: 2025.0020
Zhihang Zhang
23125148@bjtu.edu.cn
Feng Wang
feng.wang@bjtu.edu.cn
Peng Li
lipeng@bjtu.edu.cn
School of Automation and Intelligence, Beijing Jiaotong University, Beijing 100044, China
* Author to whom correspondence should be addressed
Received: 08 Apr 2025 Accepted: 24 Aug 2025 Available Online: 25 Aug 2025 Published: 05 Oct 2025
This paper systematically investigates the data privacy protection strategies in railway transportation systems, with a particular focus on the unique requirements of train coupling/decoupling scenarios. In such dynamic, distributed environments, existing passive security mechanisms and centralized architectures often fail to ensure secure data exchange and privacy preservation, particularly when computational resources are limited. To address these challenges, decentralized data-sharing technologies and privacy-preserving computation methods suitable for heterogeneous train networks were reviewed. Furthermore, we propose a blockchain-based asymmetric encrypted storage framework and a collaborative computing architecture based on federated learning, both tailored to the operational constraints of modern high-speed trains. Our approach integrates container virtualization, secure consensus protocols, and differential privacy techniques to enable traceable, tamper-proof, and privacy-aware data processing. Finally, this paper outlines future research directions concerning quantum-resistant security architectures and adaptive privacy mechanisms that can support the evolving needs of intelligent railway systems.
Rail transportation has been widely adopted owing to its high transport capacity, safety, cost-effectiveness, and environmental sustainability. It is foreseeable that railway transportation is expected to remain vital to global transportation systems, addressing future challenges such as longer transport distances, increasing passenger flows, and the growing demand for sustainable mobility. China holds a leading position in the railway sector, particularly in high-speed rail. Statistics indicate that at the end of 2023, China’s total railway operational mileage had reached 159,000 km, with high-speed rail (HSR) covering 45,000 km. Additionally, over 4300 electric multiple units (EMU) have been in service, accounting for 68.8% of the world’s total HSR mileage. According to the Chinese government’s plan, the total railway operational mileage is expected to expand to 165,000 km by 2025, with 50,000 km of HSR. The rapid development of high-speed rail sets higher standards for the safety, reliability, and operational efficiency of EMUs. As the central system of EMUs, the existing train network control system is a typical distributed onboard control system that facilitates seamless integration between onboard equipment and ground infrastructure. It facilitates vehicle data communication, train-to-ground information exchange, and supports train control functionalities. The system architecture is illustrated in Figure 1. 1.1. Analysis of the Current Status of Train Network Control The train network control system provides centralized control, monitoring, and basic diagnosis. However, further improvements in train safety, reliability, and operational efficiency pose challenges due to the limited digitization of onboard devices, the lack of autonomous train operation, and insufficient intelligent decision-making. The core challenges may be addressed by using a comprehensive spatiotemporal perception of the operating environment, real-time dynamic monitoring of train equipment status, and data-driven operational decision-making and control. Nevertheless, due to the integration of third-party systems (e.g., the Passenger Information System (PIS) interfacing with ticketing systems) and the semi-open nature of train-ground communication networks, the train network faces critical challenges such as low data security, slow information transmission, and ineffective data integration and utilization. These challenges include the following aspects: Low Data Security Due to Reliance on Traditional Passive Protection Measures The train network control system primarily relies on conventional boundary-based security mechanisms such as firewalls. However, embedded units with limited computational resources and cross-platform characteristics may fail to support advanced security features. Additionally, inherent vulnerabilities in operating systems expose the network to external attacks in partially open environments, creating a complex challenge for safeguarding train network data. Privacy Disparities Impeding Secure Data Sharing Across Multi-Vendor Equipment During the train operation, computational units often experience insufficient processing limitations. For instance, the onboard Prognostics and Health Management (PHM) unit of the Fuxing Hao Train monitors over 3000 data points while simultaneously performing real-time fault diagnosis and predictive alerts, occasionally encountering computational bottlenecks. Thus, collaborative support from idle computational units is necessary. However, differences in privacy policies across equipment from different vendors, along with varying security levels, combined with insufficient mechanisms for secure sharing and privacy protection, hinder cross-unit data sharing and collaborative resource utilization, ultimately reducing task execution efficiency. Challenges in Efficient and Trusted Transmission of Sensitive Data in Semi-Open Communication Environments Autonomous train operation and health management rely heavily on the accurate collection and efficient transmission of sensitive data, such as environmental perception data and equipment status information. However, train-to-ground communication relies on hybrid public–private networks: public networks provide high bandwidth but lack reliability, whereas private networks ensure higher security at the cost of reduced transmission speed. Consequently, the balance between transmission efficiency and security in semi-open environments remains a significant challenge. On the other hand, considering the heterogeneous nature of train network resources, the sensitivity of inter-resource interactions, and the semi-open nature of communication networks, constructing a decentralized data security framework and a privacy-preserving computing architecture for high-speed railway networks raises the following challenges: Comprehensive Distributed Security Protection for Train Network Data in Heterogeneous Resource Scenarios Autonomous train operation and equipment health management rely on the collaboration of distributed computing and storage resources within the train network control system. However, system vulnerabilities will be introduced due to hardware diversity, including variations in device origin, model, and specifications, coupled with software heterogeneity across multiple vendors with different functionalities, performance levels, and cross-platform operations. These factors increase the complexity of data backup, access control, and identity authentication, bringing challenges to the establishment of a unified security framework. Ensuring Secure Data Sharing in Train Coupling Scenarios Collaborative resource utilization within the train network control system fundamentally relies on data sharing and integration across different units. However, frequent coupling and decoupling of different types of trains with varying configurations lead to dynamic network topologies and heterogeneous data structures, thus bringing complicated centralized management. Additionally, privacy disparities among multi-vendor units, along with varying privacy policies, severely hinder secure data sharing and integration. Furthermore, the increasing number of wireless access points in coupled trains raises the risk of external intrusions, amplifying threats of data tampering and leakage. Therefore, secure cross-unit data sharing in such dynamic environments remains a critical challenge. Real-Time Secure Interaction of Sensitive Data in Semi-Open Communication Environments In the train network control system, the interactions between onboard units and train-ground systems involve high-concurrency transmission of safety-sensitive data, such as control commands, equipment status, and PIS-related ticketing data. However, the hybrid public-private wireless communication networks, where public networks offer high speed but low security, and private networks prioritize security at the cost of bandwidth, make it difficult to achieve the optimal balance between transmission efficiency and data protection. The above analysis indicates that, to enhance autonomous operation and intelligent health management in high-speed railways, it is essential to establish robust data security mechanisms that support shared and collaborative processing within train network control systems. Future issues may include decentralized storage features, as well as advanced technologies such as trusted computing, blockchain, and federated learning. Scientific Problem Statement Although numerous studies have explored data privacy and security in intelligent railway systems, most existing approaches either rely on passive protection mechanisms or lack compatibility with dynamic coupling/decoupling scenarios. Moreover, evaluation frameworks for current methods often overlook real-time performance, cross-unit interoperability, or resilience to emerging threats (e.g., adversarial attacks or quantum computing risks). For instance, traditional cryptographic schemes cannot be seamlessly deployed on low-power onboard devices, and centralized architectures face bottlenecks in data integration and decision-making. Moreover, existing assessments seldom take into account the distinctive structural and operational constraints inherent to high-speed train environments. These limitations form the core problem that this paper seeks to address, i.e., how to design a scalable, secure, and privacy-preserving data sharing and processing architecture for semi-open, heterogeneous, and dynamic train networks. 1.2. Research Objectives and Contributions Despite the growing body of research on privacy and security, their applicability to railway environments is often overlooked. To address this issue, this paper reviews current decentralized data sharing methods and privacy-preserving techniques, and discusses their feasibility for application in railway contexts. The review of relevant studies on train data privacy protection is shown in Table 1. Review of relevant studies on train data privacy protection. Summary of Contributions To address the identified challenges, this paper provides the following key contributions: We conduct a comprehensive and structured review of existing decentralized data sharing and privacy-preserving techniques, highlighting their strengths, limitations, and applicability to the railway domain. We design a blockchain-based asymmetric encryption framework tailored for secure data storage and cross-train communication in coupling/decoupling scenarios. We propose a federated learning-based collaborative computing framework that ensures privacy-preserving data sharing while addressing computational constraints in onboard environments. We identify and discuss future research directions, including quantum-resistant security architectures and adaptive privacy mechanisms suitable for intelligent railway systems. The scope of this study is confined to train onboard data exchange and collaborative modeling in coupling/decoupling scenarios. It does not cover trackside infrastructure security, emergency communication protocols, or energy systems. The rest of this paper is organized as follows: Section 2 conducts a layered analysis of emerging technologies potentially applicable to current railway transportation. Section 3 discusses existing decentralized technologies and their application scenarios. Section 4 analyzes some typical privacy-preserving techniques. Section 5 summarizes the findings and proposes a blockchain-based encrypted storage and collaborative computing architecture. Section 6 concludes the paper and outlines future research directions.
Table 1:
References
Field
Contribution
Upcoming Issues
Chen et al. [1]
Detection and Diagnosis of Faults
The data-driven methods proposed in this paper (e.g., edge computing and transfer learning) can reduce sensitive data exposure through local data processing and model sharing, thereby indirectly enhancing privacy protection.
Core privacy-preserving technologies, such as data encryption and anonymization, are not explicitly addressed, and the privacy risks associated with centralized data storage and transmission remain insufficiently explored.
Sun et al. [2]
Train Control Network
The paper advocates employing end-to-end encryption, rigorous access control, and integrated intrusion detection to protect the high-speed train operational data, while ensuring standardization and intelligent defense.
Current studies focus on isolated technical validations, without considering a universal security framework, real-time monitoring, and an empirical support mechanism.
Kour et al. [3]
Railway Infrastructure
The paper proposes a blockchain-based “edge-cloud” collaborative architecture combined with lightweight encryption schemes to achieve data integrity protection and privacy enhancement. Additionally, blockchain technology is applied to maintain registration systems, ensuring trustworthy maintenance data.
In addition to rolling stock and signaling systems, energy and human factors should also be considered, along with the security assessment of third-party devices, particularly in the context of LTE-R (Long Term Evolution–Railway) and 5G (Fifth Generation) networks.
Zubaydi et al. [4]
Internet of Things
The blockchain technology ensures data integrity and privacy through decentralized storage and smart contracts, combined with lightweight encryption schemes. Consortium blockchain architectures enhance scalability and security, making them well-suited for the reliable sharing of multi-source high-speed train data.
Blockchain may be used, considering high resource consumption and real-time data processing. Comprehensive security assessments are necessary for railway-specific communication protocols and for addressing potential security risks associated with the integration of third-party devices.
López et al. [5]
Railway Transportation Systems
The article emphasizes the role of blockchain and AI technologies in enhancing data privacy, while underscoring the need for standardized frameworks and increased user awareness to ensure secure railway systems. Enhanced LTE-R protocols and AI-driven anomaly detection improve real-time data protection.
Detailed exploration is needed for data encryption specifics and emerging technologies (e.g., quantum encryption), with analysis of technical feasibility and cost-effectiveness in practical deployment, to address the security risks of third-party device integration.
Wang et al. [6]
Mobile Smart Devices
Privacy techniques in mobile crowd sensing, such as k-anonymity, homomorphic encryption, and differential privacy, can protect identity, location, and content privacy of high-speed train data.
Existing solutions rely heavily on trusted third parties, vulnerable to single-point attacks; high computational/communication costs may affect real-time performance.
Yang et al. [7]
Cloud Storage
Attribute-Based Encryption (ABE) and searchable encryption enable fine-grained access control and secure retrieval of high-speed train data; integrity schemes prevent tampering, while anonymous CP-ABE further enhances privacy
The fully homomorphic encryption brings higher computational costs for real-time processing; existing models assume semi-honest clouds, overlooking malicious adversaries; practical solutions are needed for real-time encryption and transmission efficiency in massive dynamic datasets.
Rafiq et al. [8]
Big Data Applications
Differential privacy and k-anonymity can enhance data anonymization, while hierarchical security frameworks can support systematic protection of multi-source data.
Optimization for real-time dynamic data streams is needed to improve the efficiency of encryption in high-frequency processing.
Khan et al. [9]
Future Transportation System
A novel paradigm for collaborative intelligent systems is introduced, featuring a standardized multi-layer lifecycle and optimized data management for federated learning. A secure modular framework based on distributed ledger technology (DLT) is designed to ensure transaction integrity across network nodes.
Current implementations of cloud, fog, and edge computing lack efficient coordination in transportation data management, often resulting in high latency and significant resource overhead.
2.1. Hardware Layer The train communication network (TCN) serves as a fundamental component of railway communication systems, interconnecting onboard equipment to facilitate efficient data exchange and ensuring the coordinated operation of train control systems. In June 1996, the establishment of IEC 61375 and UIC 556 [10] as international standards set a foundation for intra- and inter-vehicle communication, promoting the interoperability among vehicles from different manufacturers and fostering the development of the railway industry. However, railway systems rely heavily on onboard and trackside sensor networks, which expose the systems to a variety of security threats. By reviewing standards and evaluating railway cyberattack cases, this paper identifies vulnerabilities in current communication protocols and proposes a hierarchical security framework for railways. This framework integrates multiple methodologies to enhance network resilience [11]. With technological advancements, the demand for communication in trains has grown significantly. While facing external security threats, the internal communication design, which has aged over time, requires updating to accommodate escalating data demands. The fog radio access network is regarded as a promising solution; however, its stringent performance requirements constrain its applicability in complex railway communication scenarios. Some studies use dynamic network power allocation methods to reduce total network costs. For example, optimizing the instantaneous power distribution of remote radio heads under multiple Quality of Service (QoS) constraints leads to a reduction in network power [12]. Embedded systems onboard trains now demand enhanced security measures to prevent program failures or privacy breaches resulting from cyberattacks. The Security Monitoring Unit (SMU)-integrated embedded system, as a System-on-Chip (SoC) module, ensures secure program execution and data processing, detects unauthorized instruction modifications and three types of data tampering attacks, and maintains minimal performance overhead, balancing security and resource efficiency [13]. Beyond train control systems, edge devices such as door control units also face security threats. A hardware root-of-trust architecture tailored for low-power edge devices was proposed, featuring an accelerator-based SoC design. This architecture protects the execution environment integrity in uncontrolled deployment scenarios by isolating application software and safety-critical software states through access policies, achieving robust protection with minimal hardware cost [14]. To counter emerging quantum computing threats, traditional asymmetric encryption methods need to be enhanced. A post-quantum secure boot solution was proposed and fully implemented in hardware. This research employs the Extended Merkle Signature Scheme, a hash-based method, which demonstrates competitive performance compared to fully hardware-implemented Elliptic Curve Digital Signature Algorithm solutions [15]. The Train Control and Monitoring System enhances train efficiency and safety to some extent. However, as railway systems increasingly rely on automation, control, and communication technologies, networked control systems expose them to more cyber-physical security threats. Some studies analyzed system vulnerabilities, discussing the direct impacts of various attacks on functionalities and potential cascading consequences. Specifically, a systematic security risk assessment methodology was proposed, providing a reference for future railway security measures [16]. 2.2. Software Layer Software security challenges in railway communication networks arise from multiple risk factors, including cross-platform compatibility, operating system vulnerabilities, software updates and maintenance, software design, and data privacy. TCN relies on message buses, which makes it challenging to support distributed monitoring and intelligent fault diagnosis in complex environments. A study proposed a layered ontology model that integrates Ethernet/IP protocols with Common Object Request Broker Architecture (CORBA) middleware to establish a three-tier architecture encompassing subsystem, carriage, and train levels. This approach achieves structured representation and reasoning of domain knowledge through semantic modeling, offering mechanisms for lifecycle management, service discovery, and information aggregation to enhance fault diagnosis and maintenance efficiency [17]. Similarly, another study introduced a flexible hierarchical architecture leveraging Software-Defined Networking and Network Function Virtualization for dynamic network orchestration, Multi-access Edge Computing to reduce latency for critical services, blockchain to strengthen data security, and AI to optimize resource scheduling and fault prediction. Some studies further proposed end-to-end network slicing schemes tailored for Ultra-Reliable Low Latency Communication (URLLC), evolved Mobile Broadband, and massive Machine-Type Communication (mMTC) [18]. Given the growing demands for high availability, scalability, and efficient utilization of hardware resources in railways, migrating safety-critical applications from traditional hardware platforms to cloud-based platforms offers a viable solution. After comparing two widely used virtualization technologies, KVM and Xen, the study analyzed their suitability for meeting stringent security and real-time requirements in railway systems. The RT-Cloud framework, based on commercial off-the-shelf hardware, enables resource sharing via virtualization to reduce costs and improve flexibility. Additionally, a novel resource management layer was proposed to ensure effective resource allocation for real-time safety-critical applications [19]. However, the complex structure and ambiguous boundaries of railway communication networks introduce security threats like information leakage and malicious access when cloud computing is adopted. To address this, a zero-trust security model was proposed, utilizing blockchain and Merkle trees to construct a distributed identity storage scheme. The model incorporates proxies for mutual authentication with cloud servers, enhancing system security, efficiency, and stability while preventing malicious external devices from compromising safety [20]. 2.3. Network Layer The traditional Global System for Mobile Communications–Railway (GSM-R), based on 2G technology, exhibits inherent limitations, including outdated protocols and weak encryption. In contrast, emerging 5G/WiFi-integrated architectures enhance the transmission efficiency but introduce new attack risks. A study proposed a multidimensional threat analysis framework [21]. This framework incorporates advanced encryption protocols, multi-factor authentication, and network slicing as mitigation strategies. Through threat modeling and component-level security enhancements, this framework significantly improves the anti-jamming capabilities of railway communication networks. To address similar opportunities and challenges, another study adopted 5G technology as pivotal for future railway mobile communication systems. Key 5G features, including flexible subcarrier spacing, massive MIMO, network slicing, URLLC, and mMTC, provide robust support for the next generation of the railway industry [22]. External threats, such as signal jamming attacks, also affect the train’s operational safety. A frequency hopping spread spectrum-based jamming mitigation method was investigated, demonstrating promising results in simulated environments [23]. To address the lack of decentralized authentication in existing communication protocols, a blockchain was integrated to enhance the Communication-Based Train Control (CBTC) network security [24]. When combined with a partially observable Markov decision process, this approach derives an optimal adaptive consensus strategy that balances network security and efficiency, thereby mitigating the impact of data tampering attacks on train operations. Similarly, with the leveraging of spread spectrum technology, a study proposed direct sequence spread spectrum using a cryptographically secure pseudo-random number generator [25]. This method transforms an attacker’s jamming signal into Gaussian noise post-reception, effectively suppressing the interference. For Sybil attacks, a novel CBTC system was designed, integrating local security authentication and collaborative security checks with asynchronous reinforcement learning based on the quantized age of information [26]. This system achieves higher probabilities of Sybil attack detection and defense. For growing service demands and limited broadband resources in train environments, a RAN slicing-based wireless train communication network was introduced [27]. By employing joint bandwidth optimization and terminal clustering algorithms, this architecture efficiently allocates slice bandwidth to train control services, passenger information services, and train sensing services, improving system performance. Another study integrated AI with classical optimization techniques, demonstrating the effectiveness of deep learning and game theory in joint optimization. For instance, federated learning was utilized to balance the bandwidth and training latency while preserving privacy [28]. Specifically, in millimeter-wave train-to-ground communication systems, researchers have integrated full-duplex technology with onboard mobile relays to improve system capacity and performance. Thus, a low-complexity transmission scheduling algorithm was designed [29]. The data security and privacy protection of railway systems require multi-level collaborative innovation. At the hardware level, security monitoring units and post-quantum cryptographic mechanisms enhance protection capabilities. However, scalable solutions are urgently needed to address aging infrastructure. At the software level, the integration of a zero-trust architecture and intelligent resource management aims to balance cloud adoption needs, but the real-time performance remains a challenge. At the network level, the adoption of 5G integration, anti-interference technologies, and network slicing enhances communication reliability, while simultaneously ensuring compatibility with legacy protocols. Future efforts should focus on post-quantum cryptographic systems, standardized security evaluation frameworks, and adaptive coordination mechanisms to address systemic risks posed by quantum computing, cross-domain attacks, and heterogeneous network integration. These efforts will contribute to building a resilient and efficient intelligent railway security ecosystem.
Decentralized systems can effectively address privacy leakage issues caused by single points of failure. This section reviews existing decentralized data security sharing technologies and their applications. 3.1. Distributed Technologies Distributed technologies improve the availability, scalability, fault tolerance, and flexibility of train network control systems. These benefits are achieved by distributing tasks and data across multiple computational nodes. This approach distributes system components across nodes, enabling collaborative operation in networked environments [30]. Azad et al. [31] designed a hierarchical, parallel, and scalable distributed I/O system for dispersed database storage. This system integrates GPU kernel acceleration with a combined BLAS library to enable rapid algorithm development. To address data integrity verification, Zhang et al. [32] proposed a multi-file, multi-replica batch auditing scheme. This approach reduces storage cost while enhancing security. The performance of metadata services significantly impacts the overall distributed system performance [33]. Gao et al. [34] introduced the first machine learning-based DeepHash model, which preserves metadata locality and balances loads across metadata servers. Zhang et al. [35] proposed a novel solution designated as SMURF to enable the distributed continuum caching and semantic locality-aware prefetching strategy, thereby achieving reliable low-latency transmission. Rapp et al. [36] proposed DISTREAL, a resource-aware adaptive learning mechanism for distributed training. This approach targets heterogeneous and resource-constrained environments within machine learning-driven distributed computing engines. Wang et al. [37] developed a robust distributed deep forest framework using a two-stage pre-aggregation method to adjust class vector granularity, accelerating task recovery with minimal system resources. For intrusion detection, Liu et al. [38] designed a hierarchical distributed intrusion detector tailored to industrial cyber-physical systems, providing comprehensive security protection by aligning with layer-specific system architectures and attack patterns. 3.2. Blockchain Technology To mitigate the limited encryption capabilities of distributed technologies, blockchain enhances data security through cryptographic techniques and consensus algorithms, ensuring transaction transparency and immutability. Wu et al. [39] proposed a blockchain-based attribute proxy re-encryption data sharing strategy. This strategy dynamically updates distributed key generation methods to mitigate the risk of key leakage. To enhance encryption/decryption security, Shalini et al. [40] replaced traditional key distribution with quantum key distribution. Zhang et al. [41] developed a privacy-preserving data security sharing model for blockchain-driven Industrial Internet of Things (IIoT) environments. Khan et al. [42] proposed a novel architecture, BDLT-IoMT, which integrates blockchain distributed ledger technology with Support Vector Machine (SVM)-based machine learning. By embedding SVM algorithms into the blockchain framework, the architecture enhances data classification, resource scheduling, and node communication efficiency, thereby addressing computation overhead and scalability challenges in distributed environments. In industrial collaboration, Guo et al. [43] designed a hybrid concurrency control protocol on a blockchain architecture, resolving consistency and concurrency challenges in heterogeneous data sharing. Yuan et al. [44] introduced CoopEdge+, a blockchain-based decentralized platform. It addresses collaborative computation challenges in scenarios involving untrusted edge servers. Recent studies have explored the integration of blockchain with trusted hardware to enhance privacy and performance. Wang et al. [45] proposed a novel architecture named HybridChain, which combines blockchain with trusted execution environments (TEEs) and decouples computation from consensus via a hierarchical network structure. This design improves both the confidentiality and performance limitations of traditional blockchain systems. Similarly, Liu et al. [46] addressed the mismatch between on-chain and off-chain environments by designing a cost-efficient mapping protocol based on TEEs. Their work presents a comprehensive analysis of attack resilience and offers valuable guidance for future secure implementations. In another line of research, hardware security modules (HSMs) have been utilized to ensure robustness and trustworthiness in blockchain-based applications. Castillo et al. [47] proposed an efficient integration scheme of HSMs with public key cryptographic algorithms and blockchain systems, thereby establishing a trusted root for all monitored data extraction processes. To enhance encrypted search capabilities, Guo et al. [48] incorporated Dynamic Searchable Symmetric Encryption (DSSE) into blockchain systems to support forward-private encrypted queries. They further introduced a hybrid indexing mechanism to offset performance overhead induced by DSSE. In parallel, Linoy et al. [49] developed a distributed computing platform supporting smart contracts, where queries are transformed into MapReduce tasks executed on Hadoop to improve computational efficiency. Security is preserved through encryption and proxy-based mechanisms. Khan et al. [50] designed a lightweight consensus mechanism based on advanced practical Byzantine Fault Tolerance, tailored for resource-constrained IoMT scenarios. By combining edge computing with hybrid encryption techniques, the framework enables lightweight authentication suitable for low-power devices, effectively overcoming the limitations of conventional blockchain systems in such environments. 3.3. Federated Learning Technology Federated Learning (FL), emerging as a solution to data privacy concerns, aims to address challenges associated with centralized data warehouses. However, risks such as model inversion and model extraction attacks continue to pose threats of data leakage. Researchers have integrated privacy and secure computation methods into FL. Guo et al. [51] applied a two-tier differential privacy mechanism to protect privacy in cloud-edge-device training models. Huang et al. [52] addressed the trade-off between privacy protection and cost in FL with differential privacy by proposing a Stackelberg game-based framework, incentivizing client-server collaboration through reward mechanisms. Wang et al. [53] introduced a differential privacy strategy based on non-Gaussian noise. This method encrypts and decrypts local features, thereby complicating statistical inferences and deterring potential attackers. However, these methods belong to passive defenses. Facing system-level challenges such as device heterogeneity, most synchronous FL paradigms suffer inefficiency due to the straggler effect. Li et al. [54] proposed a theoretically driven multi-stage adaptive private algorithm to balance the model utility and privacy in differentially private asynchronous FL. Homomorphic encryption (HE), superior in complexity to differential privacy, integrates privacy protection into FL. Xu et al. [55] applied HE to FL and smart contracts, resolving privacy and trust issues in industrial IoT. Jing et al. [56] enhanced a multi-key homomorphic encryption protocol, encrypting model updates via aggregated public keys before server-side aggregation, with improved accuracy and cost efficiency. While distributed technologies eliminate single-point privacy leaks, the blockchain ensures data security through immutability and encryption. Moreover, although Federated Learning (FL) enables model training without direct data sharing, the semi-open nature of train network control systems, coupled with limitations in encryption performance, hinders standardization and interoperability across systems. Consequently, this restricts the efficiency and scope of data sharing. These challenges warrant further investigation.
Secure data-sharing technologies help mitigate computational resource constraints, protect sensitive information, and ensure data integrity. However, distrust among data owners, combined with leakage risks and conflicting interests, elevates maintenance costs and data-related risks, despite increasing demands for data sharing. 4.1. Privacy-Preserving Computational Methods Existing privacy-preserving methods are frequently integrated with FL. For instance, differential privacy is commonly used to protect data by introducing noise to raw data or model outputs. He et al. [57] applied the local differential privacy to train clustered FL models. This approach performs model training using heterogeneous IoT data while minimizing noise and reducing communication costs. Ren et al. [58] proposed a secure distributed stochastic approximation method combining FL and differential privacy, optimizing the power system performance while preserving the privacy. Wei et al. [59] designed a privacy-preserving FL scheme for deep learning. By integrating the secure multi-party computation (SMPC) with differential privacy, this method prevents data theft and mitigates risks of malicious inference from shared global information. Despite these benefits, computational resource limitations and algorithmic complexity in train network control systems, arising from large data volumes and hierarchical structures, continue to constrain response speed, accuracy, and scalability. In railway applications, decentralized data sharing and privacy methods are widely adopted. For instance, Zhang et al. [60] combined distributed optimal control algorithms with virtual platooning for real-time train unit control. Zhang et al. [61] proposed a blockchain-based cloud key management system for high-speed railways, enhancing communication security and reducing latency. Liang et al. [62] leveraged Edge Intelligence to provide real-time services for Urban Rail Transit, designing a blockchain-based trust management mechanism to improve learning efficiency and resource utilization. For fault diagnosis, Qin et al. [63] proposed the enhanced FL using wavelet packet decomposition to reduce the computational costs and using SecureBoost for training local diagnostic models. For traffic data sharing, Jiang et al. [64] employed the blockchain for multi-party secure collaboration, addressing data flow barriers in railways. Although decentralized systems eliminate single-point failures, use encryption to prevent leaks, reduce latency, and enhance reliability, existing methods still show shortcomings, such as: Complex data protection levels and device heterogeneity in train networks. Uncontrolled computational costs and performance of edge devices. Limited focus on multi-network interactions in railway systems. 4.2. Sensitive Data Transmission Methods Lim et al. [65] investigated threats to data integrity in balise transmission modules. Their study focused on challenges arising from the informatization of train-ground communication. Using high-fidelity simulations to study risks from data integrity attacks, a secure hybrid train speed controller was designed, though with limited efficiency. Vahidi et al. [66] proposed a transmitter-receiver architecture for data transmission and detection in 6G communication systems between high-speed trains and base stations. To address emerging demands for train network informatization, Wang et al. [67] adapted and refined a deep convolutional neural network model (AlexNet). By enhancing network layers and learning capabilities, their approach achieved high data transmission security without compromising prediction accuracy. For fault diagnosis, Du et al. [68] introduced a federated transfer learning framework for fault diagnosis. This framework provides an effective solution for zero-shot fault diagnosis in high-speed train bogies. Saki et al. [69] proposed three algorithms for optimal access point placement to enhance wireless train-ground communication, thus improving the data transmission reliability. To meet the increasing requirements for reliability and latency in railway mobile data communication, Wang et al. [70] designed a parallel redundancy protocol for railway wireless networks, ensuring robust data exchange between onboard and trackside devices. While novel wireless systems enhance the transmission speed, stability, and security, their design complexity and high costs often limit the functional realization. In railway data security frameworks, Chan et al. [71] proposed a security deployment framework as a reference for cybersecurity testing. Luo et al. [72] enhanced the timeliness, reliability, and security of data transmission by leveraging data mining and digital mobile communication, specifically tailored to the characteristics of railway operational and train-control data. Soderi et al. [73] developed a cybersecurity assessment procedure and a network range-based method to simulate and validate the railway network system security. For railway environmental monitoring, Wang et al. [74] introduced an energy-balanced data transmission strategy for linear wireless sensor networks, addressing real-time, energy-efficient, and robustness demands. Wu et al. [75] designed a fuzzy algorithm-based 3D laser scanning data transmission system, significantly reducing the packet loss rates. It should be noted that existing methods primarily rely on encryption algorithms and intrusion detection systems to partially safeguard the security of sensitive data. Meanwhile, novel wireless systems and data exchange technologies have been developed to enhance the transmission efficiency. However, due to the inherent limitations and semi-open nature of train-ground communication networks, balancing security and efficiency remains challenging. Thus, achieving efficient and trustworthy transmission of interactive data between train-ground and intra-train network nodes remains a critical area for systematic research.
5.1. Blockchain-Based Data Security Storage Mechanism To address the traceability and tamper-proof requirements of train network data, we propose a blockchain-based secure storage mechanism. First, considering the massive data and privacy constraints in train coupling scenarios, a consortium blockchain-based network data security architecture is designed. Building upon this architecture, a Raft consensus algorithm tailored for train network consortium chains is developed to enhance consensus efficiency and support secure, high-speed data storage. A Merkle tree–based system for data integrity verification is employed to address the limitations of traditional frameworks in handling dynamic data, thereby ensuring secure and efficient storage. Given the traceability and anti-tampering needs of onboard PHM units and wireless transmission units, the proposed blockchain-based data security storage architecture is illustrated in Figure 2. To meet the demands for large-scale data storage and high-speed processing in PHM and wireless units, the efficient Raft consensus algorithm is adopted. The Merkle tree–based verification method ensures the security and integrity of the data. 5.1.1. Consortium Blockchain-Based Train Network Data Security Architecture To address the challenges of massive data storage and cross-chain sharing in train networks, a hybrid on-chain/off-chain collaborative architecture is designed. Since the operational data (e.g., equipment status, fault diagnostics) generated during train operation is enormous, directly storing all data on-chain would severely decrease the blockchain efficiency or even lead to system crashes. Thus, an off-chain distributed storage scheme is implemented: the raw data is categorized and stored locally on onboard cards and PHM units, while the blockchain records only critical metadata (e.g., data identifiers, timestamps) and the Merkle tree root hashes for integrity verification. This design maintains the tamper-proof characteristics of the blockchain while preventing overload of on-chain storage. In train coupling scenarios, a single train’s private chain must interact with other train chains. Heterogeneous data structures or divergent consensus mechanisms across private chains bring compatibility challenges. To resolve this issue, cross-chain smart contracts are deployed to build a consortium blockchain framework: Unified data exchange format standards are defined to ensure semantic consistency across chains. Cross-chain communication protocols are established, specifying identity authentication rules and encrypted transmission mechanisms. For example, when two coupled trains need to share bearing temperature data, the initiating chain triggers a cross-chain request via smart contracts. The target chain validates the request’s legitimacy, verifies data integrity via Merkle trees, and completes data synchronization through encrypted channels. The core module, i.e., the cross-chain smart contract, integrates multi-layered security controls. It employs a dynamic permission model to restrict access to data of varying security levels (e.g., general operational parameters vs. critical control commands) and utilizes timestamp and hash verification to prevent replay attacks. The consortium blockchain adopts a dynamic leader election mechanism, automatically selecting primary nodes based on real-time computational power and data interaction frequency, ensuring cross-chain collaboration stability during network fluctuations or node failures. This design achieves efficient and secure collaboration among coupled trains while preserving data traceability and privacy. 5.1.2. Raft Consensus Algorithm for Train Network Consortium Chains To meet the high-frequency on-chain storage demands of PHM units and wireless transmission units in train networks, the Raft algorithm is adopted to achieve efficient distributed consistency. Compared to traditional Practical Byzantine Fault Tolerance (PBFT) algorithms, Raft significantly reduces consensus complexity through simplified communication mechanisms, making it suitable for resource-constrained onboard environments. The leader node batches and pushes log entries to followers, completing data submission after confirmation by a majority of nodes, thereby avoiding network congestion caused by full-node broadcasts. The key mechanisms include: Dynamic Leader Election: Random election timeouts (150–300 ms) enable rapid response to node failures, e.g., electing a new leader within 10 s if a PHM unit disconnects. Log Replication Optimization: Incremental replication strategy transmits only differential log entries. Byzantine Fault Resistance: Digital signatures verify log sources to counter malicious node data forgery. 5.1.3. Merkle Tree-Based Data Integrity Verification Method To verify the dynamic train data efficiently, a lightweight Merkle tree verification framework is designed. Specifically, data streams collected by PHM units are segmented into dynamically adjustable blocks based on computational capacity. The hash values for each block are computed to construct a four-layer Merkle tree. While the root hash is stored on-chain, the complete tree structure is retained locally for rapid verification. For example, when verifying brake pressure data from a specific period, the corresponding root hash is retrieved from the blockchain, and 15% of data blocks are randomly sampled and rehashed. By comparing hash paths layer by layer in the Merkle tree, erroneous blocks can be precisely identified. Theoretically, this method significantly improves the verification efficiency over traditional CRC checks, with negligible false positives due to hash collisions. 5.2. Privacy-Preserving Data Sharing via Asymmetric Encryption and Smart Contracts To solve the issues caused by sparse fault data from individual devices in coupled trains, this study proposes a collaborative solution integrating asymmetric encryption and blockchain smart contracts, enabling cross-unit trusted data sharing through a hierarchical security architecture. 5.2.1. Asymmetric Encryption-Driven Private Chain Data Sharing Based on the train network topology (with two vehicle-level networks per train), PHM units and wireless transmission units are selected as nodes to construct private blockchains (four nodes per chain). The end-to-end secure transmission is achieved via asymmetric encryption: Nodes generate RSA key pairs, with public keys shared on-chain. Senders encrypt data using the receiver’s public key, ensuring that only authorized nodes can decrypt. Blockchain metadata tracing verifies data provenance and integrity. This approach enhances the multi-train collaborative diagnostics in coupling scenarios and mitigates risks of sensitive data exposure. 5.2.2. Cross-Chain Smart Contract-Based Data Management For secure data sharing across multiple chains in coupled trains, a hierarchical security governance architecture (Figure 3) is proposed, comprising four dimensions: Heterogeneous Chain Interoperability Protocol Layer As the foundational layer, its modular communication protocols enable trusted interconnections between private chains. Asymmetric encryption tunnels establish cross-chain channels, ensuring transmission security aligns dynamically with source-chain policies. This resolves interoperability challenges in data formats and consensus mechanisms. Multi-Dimensional Security Control Layer This layer integrates dual protection mechanisms: Dynamic Identity Authentication: A fine-grained permission matrix controls data access levels. Four-Tier Data Protection: To classify data by sensitivity (operational parameters, fault features, device identifiers, control commands) for gradient security. Smart Contract Execution Engine Layer This layer adopts verifiable cross-chain routing contract clusters with core functions: Data routing selection. Integrity checks (e.g., timestamp anti-replay mechanisms). State changes during execution are synchronized across participating chains in real time. Audit and Traceability Layer This layer establishes a blockchain-based credible audit system to record full interaction metadata. Standardized traceability APIs enable lifecycle queries for any data item, with immutability guaranteed by BFT consensus. By vertically integrating protocol, control, execution, and audit layers, this architecture establishes a full-cycle defense system, effectively mitigating replay attacks, man-in-the-middle attacks, and other threats, while maintaining data security and ensuring transparent, controllable data sharing. 5.3. Privacy-Preserving Computing-Based Secure Data Sharing and Collaborative Processing for Train Networks To address the challenges posed by high-volume fault data, computational demands, and real-time requirements in onboard PHM units, this section proposes a privacy-preserving computing framework for secure data sharing and collaborative processing. By optimizing the computational resource scheduling and leveraging idle units to supplement underpowered PHM units, this framework ensures normal operation while maintaining “usable but invisible” data privacy across heterogeneous security levels. 5.3.1. Container Virtualization-Based Resource Optimization Scheduling To resolve sudden computational demands in PHM units, a hierarchical resource scheduling strategy is implemented: Priority Allocation: High-security PHM boards are prioritized for processing sensitive core data. Dynamic Expansion via Container Virtualization: Real-Time Monitoring: Track container resource states such as power, memory, network load, and security levels. Resource Screening: Identify idle/low-load containers compliant with security policies. Dynamic Adjustment: Optimize the task allocation by adjusting CPU/memory quotas. Continuous Optimization: Enable dynamic container activation/deactivation and task migration through performance monitoring. This scheduling strategy can ensure data security and elastic computational resource scaling, as sensitive data is only processed in high-security containers. By balancing security policies and system load, a closed-loop dynamic resource management system is established, enhancing responsiveness to fluctuating demands and maximizing resource efficiency. 5.3.2. Federated Learning-Based Collaborative Data Processing To address the dual challenges of insufficient computational power and data privacy protection of onboard PHM units, a collaborative computing framework is suggested, which integrates the FL and data processing. This method achieves secure collaborative processing of high-security-level data through a distributed machine learning architecture, effectively resolving the conflict in traditional centralized computing models between sensitive data exposure risks and limited computational scalability. At the system architecture level (as shown in Figure 4), each onboard PHM unit acts as a participant in federated learning, with a localized model training mechanism. First, the raw data are encrypted locally. Next, models are independently trained based on the encrypted data, and only securely encrypted model parameter updates (e.g., gradients) are transmitted to the central aggregator. The central aggregator constructs a global model through aggregation strategies such as weighted averaging of parameters, and the optimized model is redistributed to all participating units for iterative training. This mechanism mitigates the risk of privacy leakage arising from cross-node transmission of sensitive data. To further enhance privacy protection, differential privacy enhancement techniques are implemented throughout the federated learning lifecycle. In the local training phase, the noise perturbation is injected into model gradients, preventing the reverse engineering of raw data from parameter updating. During the model distribution phase, the global model is subjected to privacy-preserving processing to mitigate the risk of model inversion attacks. With this dual-layer privacy protection architecture, the central server or malicious participants cannot identify individual data features accurately, even if they can obtain the intermediate parameters. Computational scalability: The distributed computing framework effectively integrates idle computational resources in the vehicular network, avoiding single-node computation. Data security: The dual privacy protection mechanisms ensure a high-security-level data processing ability. Model efficiency: The dynamic feedback mechanism optimizes the federated learning parameters like aggregation frequency and noise intensity, under privacy budget constraints, achieving a balance between model accuracy and convergence speed. This solution offers an innovative paradigm for edge computing in vehicular environments. By leveraging federated learning and differential privacy for optimization, the scheme achieves a balance between privacy protection, computational scalability, and model performance, thereby enabling more secure computing architectures in intelligent railway transportation systems.
This paper systematically reviews the data security and privacy protection challenges raised by modern high-speed railway transportation systems, especially in coupling/decoupling scenarios. We examine key advancements in decentralized storage, privacy-preserving computing, and trusted sharing mechanisms, analyzing security threats and mitigation strategies across hardware, software, and network layers. The study highlights the following main contributions: Decentralized Data Management: We explore how integrating blockchain with FL can enhance data traceability and privacy in railway systems. However, challenges remain in terms of interoperability among heterogeneous blockchain networks and the efficiency of consensus algorithms like PBFT in large-scale scenarios. Evolution of Privacy-Preserving Technologies: Techniques such as Differential Privacy and homomorphic encryption significantly improve sensitive data sharing security. However, challenges such as model accuracy degradation from noise injection and the need for stronger quantum-resilient methods still require further research. Communication Architectures: The integration of 5G and edge computing can improve train-ground data transmission with low latency and high reliability. However, issues related to data integrity and access control in semi-open networks remain unresolved, and the deployment costs of novel interference mitigation techniques need further evaluation. 6.1. Future Challenges Heterogeneous system coordination, where divergent data formats and security levels across multi-vendor equipment decrease the cross-chain sharing efficiency. Privacy-computation trade-offs, especially in balancing encryption strength and real-time performance on resource-constrained edge devices. Slow dynamic threat response, with current intrusion detection systems relying on static rules and struggling to recognize emerging attacks like adversarial samples. 6.2. Potential Research Issues Quantum-resistant security architectures, focusing on the development of post-quantum cryptography methods for train networks and dynamic threat awareness mechanisms. Adaptive privacy-preserving frameworks, involving the integration of FL with Secure MPC to adjust privacy protection strength and model precision in real-time. Intelligent threat defense systems, leveraging federated reinforcement learning for distributed intrusion detection and collaborative adversarial attack recognition.
5G
5th Generation
ABE
Attribute-based Encryption
ACU
Auxiliary Converter Control Unit
BCU
Brake Control Unit
CBTC
Communication-Based Train Control
CCU
Central Control Unit
DLT
Distributed Ledger Technology
DSSE
Dynamic Searchable Symmetric Encryption
FL
Federated Learning
GSM-R
Global System for Mobile Communications-Railway
HE
Homomorphic Encryption
HSMs
Hardware Security Modules
HVAC
Heating, Ventilation, and Air Conditioning Unit
IIoT
Industrial Internet of Things
LTE-R
Long Term Evolution-Railway
mMTC
Massive Machine-Type Communication
PBFT
Practical Byzantine Fault Tolerance
PHM
Prognostics and Health Management
PIS
Passenger Information System
QoS
Quality of Service
SMPC
Secure Multi-Party Computation
SMU
Security Monitoring Unit
SoC
System-on-Chip
SVM
Support Vector Machine
TCN
Train Communication Network
TCU
Traction Control Unit
TEEs
Trusted Execution Environments
URLLC
Ultra-Reliable Low Latency Communication
WT
Wireless Transmission
Conceptualization, methodology, investigation, and writing—original draft preparation, and figure design and visualization: Z.Z.; Blockchain architecture design, project administration, funding acquisition, and writing—review and editing: F.W.; Federated learning design, supervision, research support, and writing—review and editing: P.L. All authors have read and agreed to the published version of the manuscript.
The authors declare no conflicts of interest regarding this manuscript.
This work is supported by the National Natural Science Foundation of China under Grant U2468203.
The authors would like to acknowledge the assistance of AI tools, including ChatGPT-4o, DeepSeek-R1, and Doubao-pro-1215, for their support in language translation and proofreading during the preparation of this manuscript.
[1] H. Chen, B. Jiang, S. X. Ding, and B. Huang, “Data-driven fault diagnosis for traction systems in high-speed trains: A survey, challenges, and perspectives,” IEEE Trans. Intell. Transp. Syst., vol. 23, no. 3, pp. 1700–1716, 2022. [CrossRef]
[2] C. Sun, W. Zhang, H. Wang, Y. Liu, and Z. Li, “A Review of Research on the Security of Train Control Networks,” in presented at the 2024 6th International Conference on System Reliability and Safety Engineering (SRSE), Guangzhou, China, Oct. 11–14, 2024, pp. 459–463. [CrossRef]
[3] R. Kour, A. Patwardhan, A. Thaduri, R. Karim, and U. Kumar, “A review on cybersecurity in railways,” Proc. Inst. Mech. Eng., F, J. Rail Rapid Transit, vol. 237, no. 1, pp. 3–20, 2023. [CrossRef]
[4] H. D. Zubaydi, P. Varga, and S. Molnár, “Leveraging blockchain technology for ensuring security and privacy aspects in internet of things: A systematic literature review,” Sensors, vol. 23, no. 2, p. 788, 2023. [CrossRef]
[5] P. López-Aguilar, E. Batista, A. Martínez-Ballesté, and A. Solanas, “Information security and privacy in railway transportation: A systematic review,” Sensors, vol. 22, no. 20, p. 7698, 2022. [CrossRef] [PubMed]
[6] Y. Wang, Z. Yan, W. Feng, and L. Chen, “Privacy protection in mobile crowd sensing: a survey,” World Wide Web, vol. 23, pp. 421–452, 2020. [CrossRef]
[7] P. Yang, N. Xiong, and J. Ren, “Data security and privacy protection for cloud storage: A survey,” IEEE Access, vol. 8, pp. 131723–131740, 2020. [CrossRef]
[8] F. Rafiq, M. J. Awan, A. Yasin, H. U. Khan, and M. Alotaibi, “Privacy prevention of big data applications: A systematic literature review,” SAGE Open, vol. 12, no. 2, 2022. [CrossRef]
[9] A. A. Khan, J. Yang, S. A. Awan, A. A. Laghari, and I. A. Hameed, “Artificial intelligence, internet of things, and blockchain empowering future vehicular developments: A comprehensive multi-hierarchical lifecycle review,” Hum.-Centric Comput. Inf. Sci, vol. 15, p. 13, 2025. [CrossRef]
[10] C. Schifers and G. Hans, "IEC 61375-1 and UIC 556-international standards for train communication," in presented at the VTC2000-Spring. 2000 IEEE 51st Vehicular Technology Conference Proceedings, Tokyo, Japan, 2000, pp. 1581–1585. [CrossRef]
[11] N. Ibadah, C. Benavente-Peces, and M. O. Pahl, “Securing the Future of Railway Systems: A Comprehensive Cybersecurity Strategy for Critical On-Board and Track-Side Infrastructure,” Sensors, vol. 24, no. 24, p. 8218, 2024. [CrossRef]
[12] J. Yu, R. Wang, and J. Wu, “QoS-driven resource optimization for intelligent fog radio access network: A dynamic power allocation perspective,” IEEE Trans. Cogn. Commun. Netw., vol. 8, no. 1, pp. 394–407, 2022. [CrossRef]
[13] X. Wang, Z. Zhang, Q. Hao, L. Liu, and Y. Chen, “Hardware-assisted security monitoring unit for real-time ensuring secure instruction execution and data processing in embedded systems,” Micromachines, vol. 12, no. 12, p. 1450, 2021. [CrossRef]
[14] A. Ehret, E. Del Rosario, K. Gettings, J. Solomon, and M. French, “A hardware root-of-trust design for low-power soc edge devices,” in presented at the 2020 IEEE High Performance Extreme Computing Conference (HPEC), Waltham, MA, USA, Sep. 22–24, 2020, pp. 1–6. [CrossRef]
[15] Z. Zhou, H. Liao, X. Zhao, C. Wang, and W. Shi, “Reliable task offloading for vehicular fog computing under information asymmetry and information uncertainty,” IEEE Trans. Veh. Technol., vol. 68, no. 9, pp. 8322–8335, 2019. [CrossRef]
[16] M. Rekik, C. Gransart, and M. Berbineau, “Analysis of security threats and vulnerabilities for train control and monitoring systems,” in presented at the 2018 15th International Multi-Conference on Systems, Signals & Devices (SSD), Hammamet, Tunisia, Mar. 19–22, 2018, pp. 693–698. [CrossRef]
[17] S. Verstichel, S. Van Hoecke, M. Strobbe, F. De Turck, and B. Dhoedt, “Ontology-driven middleware for next-generation train backbones,” Sci. Comput. Program., vol. 66, no. 1, pp. 4–24, 2007. [CrossRef]
[18] M. Narouwa, L. Mendiboure, H. Badis, A. Rachedi, and M. F. Zhani, “Enabling network technologies for flexible railway connectivity,” IEEE Access, vol. 12, pp. 151532–151553, 2024. [CrossRef]
[19] G. Gala, G. Fohler, P. Tummeltshammer, C. El Salloum, and A. Eckel, “RT-cloud: Virtualization technologies and cloud computing for railway use-case,” in presented at the 2021 IEEE 24th International Symposium on Real-Time Distributed Computing (ISORC), Daegu, Republic of Korea, Jun. 1–3, 2021, pp. 105–113. [CrossRef]
[20] Y. Feng, Z. Zhong, X. Sun, L. Wang, and H. Zhang, “Blockchain enabled zero trust based authentication scheme for railway communication networks,” J. Cloud Comput., vol. 12, no. 1, p. 62, 2023. [CrossRef]
[21] A. M. A. Filipe, “Analysis of Security in Railway Communication Networks based on 5G and WiFi,” Master’s thesis, Dept. Elect. Eng., Univ. Lisbon, Lisbon, Portugal, 2024. Available: https://grow.tecnico.ulisboa.pt/wp-content/uploads/2024/07/2024_AntonioFilipe.pdf.
[22] A. M. Saleh, “Exploitation of 5G communications and positioning in future railway traffic management,” Ph.D. dissertation, Dept. Railw. Eng., Univ. Birmingham, Birmingham, UK, 2023. Available: https://trepo.tuni.fi/bitstream/handle/10024/153313/SalehAbdullahMd.pdf?sequence=2.
[23] S. Lakshminarayana, J. S. Karachiwala, S. Y. Chang, K. G. Shin, and A. A. Cárdenas, “Signal jamming attacks against communication-based train control: Attack impact and countermeasure,” in presented at the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, Stockholm, Sweden, Jun. 18–20, 2018, pp. 160–171. [CrossRef]
[24] H. Liang, L. Zhu, F. R. Yu, X. Liu, and T. Huang, “A cross-layer defense method for blockchain empowered CBTC systems against data tampering attacks,” IEEE Trans. Intell. Transp. Syst., vol. 24, no. 1, pp. 501–515, 2023. [CrossRef]
[25] H. Dabbaghzadeh, A. Falahati, and N. Sanandaji, “CBTC security and reliability enhancements by a key-based direct sequence spread spectrum technique,” IEEE Trans. Intell. Transp. Syst., vol. 25, no. 1, pp. 159–172, 2024. [CrossRef]
[26] X. Wang, L. Liu, L. Zhu, H. Zhang, and Y. Liu, “Joint security and QoS provisioning in train-centric CBTC systems under sybil attacks,” IEEE Access, vol. 7, pp. 91169–91182, 2019. [CrossRef]
[27] Q. Ren, S. Lin, Y. Cai, W. Ni, and X. Wang, “Resource allocation and slicing strategy for multiple services co-existence in wireless train communication network,” IEEE Trans. Wireless Commun., vol. 24, no. 1, pp. 401–414, 2025. [CrossRef]
[28] Z. M. Fadlullah, B. Mao, and N. Kato, “Balancing QoS and security in the edge: Existing practices, challenges, and 6G opportunities with machine learning,” IEEE Commun. Surv. Tutor., vol. 24, no. 4, pp. 2419–2448, 2022. [CrossRef] Fourthquarter.
[29] X. Zhang, Y. Niu, T. Yang, Z. Zhou, and L. Han, “QoS-aware user association and transmission scheduling for millimeter-wave train-ground communications,” IEEE Trans. Intell. Transp. Syst., vol. 24, no. 9, pp. 9532–9545, 2023. [CrossRef]
[30] N. Saquib, C. Krintz, and R. Wolski, “Replicated versioned data structures for wide-area distributed systems,” IEEE Trans. Parallel Distrib. Syst., vol. 34, no. 1, pp. 207–224, 2023. [CrossRef]
[31] A. Azad, O. Selvitopi, M. T. Hussain, A. Buluç, and J. Gilbert, “Combinatorial BLAS 2.0: Scaling combinatorial algorithms on distributed-memory systems,” IEEE Trans. Parallel Distrib. Syst., vol. 33, no. 4, pp. 989–1001, 2022. [CrossRef]
[32] Q. Zhang, Z. Zhang, J. Cui, H. Wang, and Y. Chen, “Efficient blockchain-based data integrity auditing for multi-copy in decentralized storage,” IEEE Trans. Parallel Distrib. Syst., vol. 34, no. 12, pp. 3162–3173, 2023. [CrossRef]
[33] H. Dai, Y. Wang, K. B. Kent, M. W. Storer, and L. Liu, “The state of the art of metadata managements in large-scale distributed file systems—scalability, performance and availability,” IEEE Trans. Parallel Distrib. Syst., vol. 33, no. 12, pp. 3850–3869, 2022. [CrossRef]
[34] Y. Gao, X. Gao, R. Zhang, S. Li, and W. Dou, “An end-to-end learning-based metadata management approach for distributed file systems,” IEEE Trans. Comput., vol. 71, no. 5, pp. 1021–1034, 2022. [CrossRef]
[35] B. Zhang and T. Kosar, “SMURF: Efficient and scalable metadata access for distributed applications,” IEEE Trans. Parallel Distrib. Syst., vol. 33, no. 12, pp. 3915–3928, 2022. [CrossRef]
[36] M. Rapp, R. Khalili, K. Pfeiffer, D. Brunner, and J. Teich, “Distreal: Distributed resource-aware learning in heterogeneous systems,” in presented at the AAAI Conference on Artificial Intelligence, Vancouver, BC, Canada, Feb. 22–Mar. 1, 2022, pp. 8062–8071. [CrossRef]
[37] T. Wang, S. Du, and H. Cai, “CERT-DF: A computing-efficient and robust distributed deep forest framework with low communication cost,” IEEE Trans. Parallel Distrib. Syst., vol. 34, no. 12, pp. 3280–3293, 2023. [CrossRef]
[38] J. Liu, W. Zhang, T. Ma, Y. Wang, and C. Liu, “Toward security monitoring of industrial cyber-physical systems via hierarchically distributed intrusion detection,” Expert Syst. Appl., vol. 158, p. 113578, 2020. [CrossRef]
[39] H. Wu, Z. Peng, S. Guo, X. Wang, and Y. Li, “VQL: Efficient and verifiable cloud query services for blockchain systems,” IEEE Trans. Parallel Distrib. Syst., vol. 33, no. 6, pp. 1393–1406, 2022. [CrossRef]
[40] D. Shalini, K. Ashish, A. D. Dhar, S. Kumar, and P. K. Singh, “Securing IoT devices: A novel approach using blockchain and quantum cryptography,” Internet Things, vol. 25, p. 101019, 2024. [CrossRef]
[41] Q. Zhang, Y. Li, R. Wang, Z. Chen, and L. Wang, “Data security sharing model based on privacy protection for blockchain-enabled industrial Internet of Things,” Int. J. Intell. Syst., vol. 36, no. 1, pp. 94–111, 2021. [CrossRef]
[42] A. A. Khan, A. A. Laghari, A. M. Baqasah, M. A. Alqarni, and S. A. Alghamdi, “BDLT-IoMT—A novel architecture: SVM machine learning for robust and secure data processing in Internet of Medical Things with blockchain cybersecurity,” J. Supercomput., vol. 81, no. 1, p. 271, 2025. [CrossRef]
[43] T. Guo, Z. Zhang, Y. Yuan, C. Wang, and H. Li, “Hybrid concurrency control protocol for data sharing among heterogeneous blockchains,” Front. Comput. Sci., vol. 18, no. 3, p. 183104, 2024. [CrossRef]
[44] L. Yuan, Q. He, S. Tan, Z. Zhou, and W. Zhang, “CoopEdge+: Enabling decentralized, secure and cooperative multi-access edge computing based on blockchain,” IEEE Trans. Parallel Distrib. Syst., vol. 34, no. 3, pp. 894–908, 2023. [CrossRef]
[45] Y. Wang, J. Li, S. Zhao, X. Chen, and H. Liu, “Hybridchain: A novel architecture for confidentiality-preserving and performant permissioned blockchain using trusted execution environment,” IEEE Access, vol. 8, pp. 190652–190662, 2020. [CrossRef]
[46] C. Liu, H. Guo, M. Xu, D. He, and S. Liu, “Extending on-chain trust to off-chain–trustworthy blockchain data collection using trusted execution environment (tee),” IEEE Trans. Comput., vol. 71, no. 12, pp. 3268–3280, 2022. [CrossRef]
[47] A. J. Cabrera-Gutiérrez, E. Castillo, A. Escobar-Molero, R. Luengo, and F. R. Rubio, “Integration of hardware security modules and permissioned blockchain in industrial iot networks,” IEEE Access, vol. 10, pp. 114331–114345, 2022. [CrossRef]
[48] Y. Guo, C. Zhang, C. Wang, X. Li, and Z. Liu, “Towards public verifiable and forward-privacy encrypted search by using blockchain,” IEEE Trans. Dependable Secure Comput., vol. 20, no. 3, pp. 2111–2126, 2023. [CrossRef]
[49] S. Linoy, H. Mahdikhani, S. Ray, R. Stutsman, and A. Kosba, “Scalable privacy-preserving query processing over ethereum blockchain,” in presented at the 2019 IEEE International Conference on Blockchain, Atlanta, GA, USA, Jul. 14–17, 2019, pp. 398–404. [CrossRef]
[50] A. A. Khan, A. A. Laghari, R. Alroobaea, M. A. Alqarni, and I. A. Hameed, “A lightweight scalable hybrid authentication framework for Internet of Medical Things (IoMT) using blockchain hyperledger consortium network with edge computing,” Sci. Rep., vol. 15, no. 1, p. 19856, 2025. [CrossRef]
[51] Y. Guo, F. Liu, T. Zhou, Z. Wang, and C. Zhang, “Privacy vs. efficiency: achieving both through adaptive hierarchical federated learning,” IEEE Trans. Parallel Distrib. Syst., vol. 34, no. 4, pp. 1331–1342, 2023. [CrossRef]
[52] G. Huang, Q. Wu, P. Sun, X. Chen, and L. Yang, “Collaboration in federated learning with differential privacy: A stackelberg game analysis,” IEEE Trans. Parallel Distrib. Syst., vol. 35, no. 3, pp. 455–469, 2024. [CrossRef]
[53] X. Wang, J. Wang, X. Ma, Y. Zhang, and C. Liu, “A differential privacy strategy based on local features of non-gaussian noise in federated learning,” Sensors, vol. 22, no. 7, p. 2424, 2022. [CrossRef] [PubMed]
[54] Y. Li, S. Yang, X. Ren, Z. Wang, and H. Zhang, “Multi-stage asynchronous federated learning with adaptive differential privacy,” IEEE Trans. Pattern Anal. Mach. Intell., vol. 46, no. 2, pp. 1243–1256, 2024. [CrossRef]
[55] Y. Xu, Y. Mao, S. Li, W. Chen, and L. Wang, “Privacy-preserving federal learning chain for internet of things,” IEEE Internet Things J., vol. 10, no. 20, pp. 18364–18374, 2023. [CrossRef]
[56] M. Jing, N. SiAhmed, S. Stephan, P. Baussié, and K. Huguenin, “Privacy-preserving federated learning based on multi-key homomorphic encryption,” Int. J. Intell. Syst., vol. 37, no. 9, pp. 5880–5901, 2022. [CrossRef]
[57] Z. He, L. Wang, and Z. Cai, “Clustered federated learning with adaptive local differential privacy on heterogeneous iot data,” IEEE Internet Things J., vol. 11, no. 1, pp. 137–146, 2024. [CrossRef]
[58] C. Ren, H. Yu, R. Yan, Z. Wang, and L. Zhang, “SecFedSA: A secure differential privacy-based federated learning approach for smart cyber-physical grid stability assessment,” IEEE Internet Things J., vol. 11, no. 4, pp. 5578–5588, 2024. [CrossRef]
[59] C. Wei, R. Yu, Y. Fan, X. Li, and Z. Chen, “Securely sampling discrete gaussian noise for multi-party differential privacy,” in presented at the 2023 ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark, Nov. 26–30, 2023, pp. 2262–2276. [CrossRef]
[60] Y. Zhang, S. Li, and L. Yang, “Distributed optimal control to virtual formation of railway trains with dynamic coupling/decoupling: An accelerated projected gradient based decomposition method,” IEEE Trans. Veh. Technol., vol. 72, no. 12, pp. 15405–15420, 2023. [CrossRef]
[61] Z. Zhang, J. Li, Y. Sun, W. Wang, and H. Chen, “Blockchain-based secure key management model for high-speed railway,” in presented at the 2022 IEEE 25th International Conference on Intelligent Transportation Systems (ITSC), Macau, China, Oct. 8–12, 2022, pp. 1988–1993. [CrossRef]
[62] H. Liang, L. Zhu, and F. R. Yu, “Collaborative edge intelligence service provision in blockchain empowered urban rail transit systems,” IEEE Internet Things J., vol. 11, no. 2, pp. 2211–2223, 2024. [CrossRef]
[63] N. Qin, J. Du, Y. Zhang, W. Liu, and H. Wang, “Fault diagnosis of multi-railway high-speed train bogies by improved federated learning,” IEEE Trans. Veh. Technol., vol. 72, no. 6, pp. 7184–7194, 2023. [CrossRef]
[64] S. Jiang, J. Cao, H. Wu, Y. Zhang, and L. Chen, “Privacy-preserving and efficient data sharing for blockchain-based intelligent transportation systems,” Inf. Sci., vol. 635, pp. 72–85, 2023. [CrossRef]
[65] H. W. Lim, W. G. Temple, B. A. N. Tran, T. Y. Wong, and R. H. Y. So, “Data integrity threats and countermeasures in railway spot transmission systems,” ACM Trans. Cyber-Phys. Syst., vol. 4, no. 1, pp. 1–26, 2019. [CrossRef]
[66] V. Vahidi, “Uplink data transmission for high speed trains in severe doubly selective channels of 6G communication systems,” Phys. Commun., vol. 49, p. 101489, 2021. [CrossRef]
[67] Z. Wang, X. Xie, L. Chen, S. Y. Song, and Z. J. Wang, “Intrusion detection and network information security based on deep learning algorithm in urban rail transit management system,” IEEE Trans. Intell. Transp. Syst., vol. 24, no. 2, pp. 2135–2143, 2023. [CrossRef]
[68] J. Du, J. Cheng, Y. You, T. W. Wang, N. Qin, and D. Q. Huang, "Federated transfer learning for fault diagnosis of high-speed train bogie with data security and training optimization," in presented at the 2023 CAA Symposium on Fault Detection, Supervision and Safety for Technical Processes (SAFEPROCESS), Yibin, China, 2023, pp. 1–6. [CrossRef]
[69] M. Saki, M. Abolhasan, J. Lipman, and A. Jamalipour, “A comprehensive access point placement for iot data transmission through train-wayside communications in multi-environment based rail networks,” IEEE Trans. Veh. Technol., vol. 69, no. 10, pp. 11937–11949, 2020. [CrossRef]
[70] K. Wang, H. Li, and Q. Zhang, “Parallel redundancy protocol for railway wireless data communication network,” Wirel. Commun. Mob. Comput., vol. 2022, p. Art. no. 9956048, 2022. [CrossRef]
[71] R. Chan, "A security framework for railway system deployments," in presented at the Critical Infrastructure Protection XV, Zhuhai, China, 2022, pp. 247–253.
[72] M. Luo and L. Zhu, “Research on real-time and reliability of wireless transmission of high-speed train control data based on data mining technology,” J. Phys., Conf. Ser., vol. 70, no. 4, p. 042093, 2021. [CrossRef]
[73] S. Soderi, D. Masti, and Y. Z. Lun, “Railway cyber-security in the era of interconnected systems: A survey,” IEEE Trans. Intell. Transp. Syst., vol. 24, no. 7, pp. 6764–6779, 2023. [CrossRef]
[74] X. Wang, C. Li, W. Wu, and D. Zhou, “Energy balanced data transmission strategy for LWSN in railway environment monitoring,” in presented at the 2020 8th International Conference on Information Technology: IoT and Smart City: IoT Smart City, Virtual, Dec. 25–27, 2020, pp. 189–194. [CrossRef]
[75] L. Wu, “Design of data transmission system for 3D laser scanning of liquefied gas railway tanker based on fuzzy algorithm,” J. Intell. Fuzzy Syst., vol. 38, no. 6, pp. 7755–7766, 2020. [CrossRef]
Disclaimer/Publisher’s Note: The views expressed in this article are those of the author(s) and do not necessarily reflect the views of the publisher or editors. The publisher and editors assume no responsibility for any injury or damage resulting from the use of information contained herein.
©2025 Copyright by the Authors.
Licensed as an open-access article distributed under the terms and conditions of the CC BY 4.0 license