| Recently,we have witnessed the remarkable development in high-speed railways around the world.Since the commute time is usually long,passengers demand Internet connectivity to manage their daily activities during the journey.To build a robust wireless network for the passengers without expensive road side unit updates,we have proposed smart collaborative networking for railway(SCN-R).Due to its good performance in wireless bandwidth and robustness,SCN-R is attracting significant attention from both academia and industry.According to smart collaborative networking,the devices supporting SCN-R are defined as the high-speed moving service family.With the application and popularization of SCN-R,users begin to pay attention to its security performance.However,to the best of our knowledge,the security performance of the high-speed moving service family is still not comprehensively studied.Therefore,in this paper,we attempt to analyze the potential cyber attacks in SCN-R based on its network and traffic features.Therefore,the main contributions of this paper can be summarized as follows.1.A detection and mitigation mechanism is proposed to deal with the micro flow based DDoS attack in SCN-R.Since the micro flow based DDoS attack can lead to the table overflow and control link congestion problems,the proposed mechanism leverages the existing control link messages to reduce the detection cost and make the detection process efficient.Meanwhile,the proposed mechanism combines the control and forwarding decoupled network in SCN-R with the firewall to achieve intercepting the attack flow collaboratively and efficiently.The feasibility of the proposed mechanism is proved using both the simulation platform and the prototype system.2.A detection and mitigation mechanism is proposed against the sophisticated table overflow DDoS attack in SCN-R.In the high-speed moving scenario,the micro flow based DDoS attack can evolve into the sophisticated table overflow DDoS attack.To solve this problem,the proposed mechanism is designed with a detail mathematical model,which gives a deep analysis to the potential target in the network.By using the three novel monitoring features and the flow entry token bucket system,our proposal can detect and mitigate the attack efficiently.To prove the feasibility of the proposed mechanism,we simulate it using different network models and test it using the prototype system.3.An efficient authentication mechanism is proposed for the smart mobile router and smart access router.In the high speed moving scenario,the unstable wireless link state and the high packet loss rate make the traditional authentication proposals unsuitable.To solve this problem,we propose a novel random number generator and authentication mechanism using the chaotic map.It reduces the computation and communication overhead by avoiding complex reversible encryption algorithms.The authentication mechanism is tested in both static and mobile environments.The results prove its feasibility.4.A detection and mitigation method is provided to defeat the sophisticated link flood attack.Such attacks are launched by the on board attacker and ground side attacker at the same time.The attack flows use the smart access router as their ingress and exhaust the limited wireless bandwidth on the smart mobile router.Therefore,the proposed method is designed to identify the on board attacker and then intercept the attack flows from the ground side attacker.To show its feasibility,we test the proposed method in our SCN-R prototype system. |
PDF Full Text Request