Research and Implementation of an Open Secure Communication Protocol Based on VxWorks
[Abstract]: With the rapid development of railways in China, the running speed and density of trains are increasing. Traffic safety must be guaranteed by the integrated operation of vehicles and multiple systems, and communication between these systems has moved from closed networks to open networks, so communication security has become particularly important. In CTCS-3, the train control system with the highest technical level on China's passenger dedicated lines, the information exchange among subsystems now falls into the category of open transmission systems. To ensure the reliability and security of system data transmission, it is necessary to study and design a secure communication protocol for open networks, which is an inevitable requirement for improving the security and informatization of railway signal control at present. As a real-time system with demanding safety requirements, the railway computer interlocking system plays an important role in the safe and efficient operation of railways. This paper analyzes the possible threats to the secure and reliable transmission of information in open transmission systems set out in the EN50159 standard. It focuses on the railway signal security communication protocol formulated by the Science and Technology Department of the Ministry of Railways of China. Taking the communication interface between the computer interlocking system and other devices as the research object, the communication security of the computer interlocking system is analyzed and the protocol is applied to it. The MUX layer interface functions are used to bind the security protocol to the underlying driver on the VxWorks operating system, and the security functions of the secure communication protocol are simulated in the Tornado environment.
The main work of this paper is as follows: (1) Based on the security threats to open transmission systems described in the EN50159 standard, the communication security of the computer interlocking system is evaluated and analyzed. The potential security threats are identified and corresponding countermeasures are put forward, including sequence number protection, TTS/EC counting protection, security code protection and encryption. (2) The secure communication system structure of the RSSP-II protocol is analyzed, and the paper studies how a secure connection is established between the two communicating entities through the service model of the security layer, completing message integrity protection and peer entity authentication. (3) The principle of the DES algorithm is analyzed in depth and a DES algorithm module is programmed. On this basis, the encryption and decryption routines of the DES module are used to compute the message integrity check and the message authentication code (MAC) used in peer entity authentication. In this process, the improved form of DES, triple DES (3DES), is used. (4) VxWorks is a very secure real-time embedded operating system that is widely used as the operating system of various security-related computer systems, especially computer interlocking systems. In this paper, VxWorks is used as the basic platform. The MUX layer interface is used to bind the secure communication protocol, and the system applies the secure communication protocol through the standard socket interface. Based on the analysis, design and implementation of the secure communication protocol, the test data show that the RSSP-II secure communication protocol can effectively defend against common network communication threats, especially with the combination of the 3DES encryption algorithm and the triple timestamp used in this paper. The security level and practicability of the communication system are greatly improved.
[Degree-granting institution]: Lanzhou Jiaotong University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08; TP393.04
Article number: 2491167
Article link: http://sikaile.net/guanlilunwen/ydhl/2491167.html