-  2018 

Analysis and Testing of Network Security for China Railway Communication Networks and Proposed Architecture Based on Trusted Computing

DOI: 10.3969/j.issn.0258-2724.2018.06.006

Keywords: railway communication system, fault tree analysis, network security, trusted computing, software-defined networking


Abstract:

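To safeguard the network security of China's railway communication system, a security architecture for the railway communication network is proposed that combines trusted computing with software-defined networking (SDN). First, starting from the overall network architecture of China's railway communication system, fault tree analysis is applied, with "malicious personnel causing an interruption of railway services" as the top event of the fault tree, to analyse the network security risks the system faces. Second, simulation tests were carried out, and a threat scenario of a malicious actor targeting the railway communication system was modelled on the test results. The simulation results and analysis show that the proposed architecture can better cope with large-scale, highly targeted network attacks, thereby safeguarding and improving the security of China's high-speed railway communication network.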

China's railway communication networks have been deployed throughout the country and have a complex infrastructure. A security architecture based on trusted computing and software-defined networking (SDN) has thus been proposed for ensuring the security of the railway communication system. The security risks for the complete network were investigated and tested through fault tree analysis. A simulation evaluation was subsequently performed and a threat scenario was simulated for analysing possible intrusions into the railway communication network. The obtained results show that the proposed architecture can help address various organised, targeted, and persistent network attacks.
