基于VxWorks的开放式安全通信协议的研究与实现
发布时间:2019-06-02 14:18
【摘要】:我国的铁路事业发展迅速,列车的运行速度和行车密度不断提高。行车安全必须要综合车、地多个系统来保障,系统之间的通信由封闭式网络转向开放式网络,通信安全性也就变的尤为重要。CTCS-3作为目前我国客运专线技术等级最高的列控系统,其各子系统间的信息交互过程已转变为开放式传输系统的范畴,必须针对开放式网络研究设计安全通信协议才能保证系统数据传输的可靠性和安全性,这是提高当前铁路信号控制安全性和信息化程度的必然要求。 铁路计算机联锁系统作为一种实时的安全苛求系统,对实现铁路的安全高效运行发挥着至关重要的作用。本课题的主要工作是在分析EN50159标准规范所提出的开放式传输系统信息安全可靠传输可能存在的威胁的基础上,对我国原铁道部科技司制定的铁路信号安全通信协议进行了重点研究。以计算机联锁系统与其他设备的通信接口为研究对象,对其通信安全性进行了功能安全分析和应用方面的研究,并在VxWorks操作系统上利用MUX层接口函数完成该安全协议与底层驱动程序的绑定,在Tornado环境下仿真出安全通信协议的安全功能。 本文完成的工作主要有以下几个方面: (1)基于EN50159标准中开放式的传输系统安全威胁相关的内容,对计算机的联锁系统的通信安全性进行了评估与分析,了解了其潜在的各种安全威胁,并提出相应的应对措施,包括采用序列号防护、TTS/EC计数防护以及安全码和加密技术防护。 (2)分析RSSP-II协议的安全通信系统结构,重点研究两个通信实体如何通过安全层的服务模型、服务原语建立安全连接,完成消息完整性与对等实体认证。 (3)深入分析DES算法原理,完成DES算法模块的编程,在此基础上利用DES算法模块加密、解密过程的组合实现消息完整性与对等实体认证过程中消息认证密码(MAC)的计算,在此过程中采用的是改进DES的三重DES算法。 (4)VxWorks是一种安全性非常高的实时嵌入式操作系统,广泛用作各种安全相关计算机系统的操作系统,,尤其在计算机联锁系统中应用尤为广泛,本文利用VxWorks作为基础平台,利用MUX层接口实现安全通信协议的绑定,系统通过标准的socket接口实现安全通信协议的应用。 在分析、设计以及实现安全通信协议的基础上,测试数据表明,RSSP-II安全通信协议能有效防御常见的网络通信威胁,尤其是论文中3DES加密算法与三重时间戳相结合的方法,极大的提高了通信系统的安全性等级和实用性。
[Abstract]:With the rapid development of railway in China, the running speed and density of trains are increasing. Traffic safety must be guaranteed by integrated vehicles and multiple systems, and the communication between the systems has changed from a closed network to an open network. The communication security has become particularly important. CTCs-3, as the train control system with the highest technical level of passenger dedicated line in our country, the information interaction process among its subsystems has changed into the category of open transmission system. In order to ensure the reliability and security of system data transmission, it is necessary to study and design a secure communication protocol for open network, which is an inevitable requirement to improve the security and informatization of railway signal control at present. As a real-time safety demanding system, railway computer interlocking system plays an important role in realizing the safe and efficient operation of railway. The main work of this paper is to analyze the possible threats of secure and reliable transmission of information in open transmission system proposed by EN50159 standard specification. This paper focuses on the railway signal security communication protocol formulated by the Science and Technology Department of the Ministry of Railways in China. Taking the communication interface between computer interlocking system and other devices as the research object, the communication security of computer interlocking system is analyzed and applied. The MUX layer interface function is used to bind the security protocol to the underlying driver on VxWorks operating system, and the security function of the secure communication protocol is simulated in Tornado environment. The main work of this paper is as follows: (1) based on the security threat of open transmission system in EN50159 standard, the communication security of computer interlocking system is evaluated and analyzed. The potential security threats are understood, and the corresponding countermeasures are put forward, including serial number protection, TTS/EC counting protection, security code and encryption technology protection. (2) the secure communication system structure of RSSP-II protocol is analyzed, and how to establish secure connection between the two communication entities through the service model of security layer is studied, and the message integrity and peer entity authentication are completed. (3) the principle of DES algorithm is deeply analyzed, and the programming of DES algorithm module is completed. On this basis, the encryption and decryption process of DES algorithm module are used to realize the calculation of message integrity and message authentication password (MAC) in the process of peer entity authentication. In this process, the improved DES triple DES algorithm is used. (4) VxWorks is a very secure real-time embedded operating system, which is widely used as the operating system of various security-related computer systems, especially in computer interlocking system. In this paper, VxWorks is used as the basic platform. The MUX layer interface is used to bind the secure communication protocol, and the system realizes the application of the secure communication protocol through the standard socket interface. Based on the analysis, design and implementation of secure communication protocol, the test data show that RSSP-II secure communication protocol can effectively defend against common network communication threats, especially the combination of 3DES encryption algorithm and triple timestamp in this paper. The security level and practicability of the communication system are greatly improved.
【学位授予单位】:兰州交通大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08;TP393.04
本文编号:2491167
[Abstract]:With the rapid development of railway in China, the running speed and density of trains are increasing. Traffic safety must be guaranteed by integrated vehicles and multiple systems, and the communication between the systems has changed from a closed network to an open network. The communication security has become particularly important. CTCs-3, as the train control system with the highest technical level of passenger dedicated line in our country, the information interaction process among its subsystems has changed into the category of open transmission system. In order to ensure the reliability and security of system data transmission, it is necessary to study and design a secure communication protocol for open network, which is an inevitable requirement to improve the security and informatization of railway signal control at present. As a real-time safety demanding system, railway computer interlocking system plays an important role in realizing the safe and efficient operation of railway. The main work of this paper is to analyze the possible threats of secure and reliable transmission of information in open transmission system proposed by EN50159 standard specification. This paper focuses on the railway signal security communication protocol formulated by the Science and Technology Department of the Ministry of Railways in China. Taking the communication interface between computer interlocking system and other devices as the research object, the communication security of computer interlocking system is analyzed and applied. The MUX layer interface function is used to bind the security protocol to the underlying driver on VxWorks operating system, and the security function of the secure communication protocol is simulated in Tornado environment. The main work of this paper is as follows: (1) based on the security threat of open transmission system in EN50159 standard, the communication security of computer interlocking system is evaluated and analyzed. The potential security threats are understood, and the corresponding countermeasures are put forward, including serial number protection, TTS/EC counting protection, security code and encryption technology protection. (2) the secure communication system structure of RSSP-II protocol is analyzed, and how to establish secure connection between the two communication entities through the service model of security layer is studied, and the message integrity and peer entity authentication are completed. (3) the principle of DES algorithm is deeply analyzed, and the programming of DES algorithm module is completed. On this basis, the encryption and decryption process of DES algorithm module are used to realize the calculation of message integrity and message authentication password (MAC) in the process of peer entity authentication. In this process, the improved DES triple DES algorithm is used. (4) VxWorks is a very secure real-time embedded operating system, which is widely used as the operating system of various security-related computer systems, especially in computer interlocking system. In this paper, VxWorks is used as the basic platform. The MUX layer interface is used to bind the secure communication protocol, and the system realizes the application of the secure communication protocol through the standard socket interface. Based on the analysis, design and implementation of secure communication protocol, the test data show that RSSP-II secure communication protocol can effectively defend against common network communication threats, especially the combination of 3DES encryption algorithm and triple timestamp in this paper. The security level and practicability of the communication system are greatly improved.
【学位授予单位】:兰州交通大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08;TP393.04
【参考文献】
相关期刊论文 前10条
1 张晓华,李智涛,徐钊;VxWorks网络协议栈的MUX接口[J];单片机与嵌入式系统应用;2002年05期
2 胡明;彭来献;兰明蛟;宋孝先;;基于VxWorks网络协议栈的数据采集协议设计[J];测控技术;2007年12期
3 焦程波;;传感器网络中基于时钟偏移的伪造节点攻击检测技术[J];计算机应用研究;2011年11期
4 戚文静,张素,于承新,赵莉;几种身份认证技术的比较及其发展方向[J];山东建筑工程学院学报;2004年02期
5 刘亚林,范平志;GSM-R双向认证与端到端加密[J];铁道通信信号;2005年04期
6 吴昊;史小华;范絮妍;钟章队;;CTCS-3级列控系统车-地无线通信端到端通信安全增强技术的研究[J];铁道通信信号;2010年10期
7 陈锋华;;列控系统安全通信研究[J];铁路通信信号工程技术;2006年01期
8 傅世善;;计算机联锁进一步发展的探索[J];铁路通信信号工程技术;2006年02期
9 杨霓霏;段武;卢佩玲;;铁路信号系统安全相关通信标准与安全协议研究[J];中国铁路;2008年06期
10 王海忠;;列控联锁一体化系统设计方案探讨[J];铁道通信信号;2009年01期
本文编号:2491167
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2491167.html
