
Software Design And Implementation Of A Terminal Isolation Platform For CTCS-3

Posted on: 2015-03-25
Degree: Master
Type: Thesis
Country: China
Candidate: N Zhong
GTID: 2268330428478811
Subject: Communication and Information System
Abstract/Summary:
The CTCS-3 (Chinese Train Control System) is a key component of train control on high-speed railway lines and is responsible for keeping trains operating efficiently, stably and safely. With the development of train control systems in China, a large number of commonly used servers, operating systems and databases have been applied to them. These technologies have potential security problems, which exposes the train control system to serious network attacks. Furthermore, the Radio Block Center in the CTCS-3 system provides some interfaces to the outside network, which makes illegal intrusion from outside possible. Railway operation concerns people's lives and property, and a malicious attack would bring significant losses. Therefore, it is very important to keep the railway system working safely.

Nowadays, many techniques are widely used to protect the network security of the train control system, such as firewalls, antivirus software and NetGaps. Among these, firewalls and NetGaps can defend against attacks from the untrusted network but cannot prevent attacks from the internal trusted network. Because antivirus software has to update its virus database periodically, it cannot defend against the latest viruses in time. Reinforcing the control terminals of the system is an effective way to improve the safety of the train control system: it directly counters attacks from the internal network, as well as network attacks or virus infections that break through the firewalls or NetGaps.

In this paper, conventional network threats to the C3 system and the corresponding protection technologies are analyzed. To protect the communication terminals, a microprocessor-based hardware isolation platform has been designed. The platform isolates and examines the packets flowing to the terminals in the C3 system and integrates Ethernet, CAN and 422 interfaces.

The interface drivers and the data processing software of the platform are implemented in this paper. The software examines the packets flowing to critical equipment according to the "white list" technology, prevents illegal packets from passing through, and sends the corresponding analysis results to a computer in real time. In addition, the communication software between the computer and the isolation platform is completed, which provides a visual display of the analysis results and the alarm signals.

Further, several typical network attack methods were applied to the C3 system to verify the performance of this terminal isolation platform, including scanning attacks, ARP attacks, Trojan attacks and buffer overflow attacks. Our results show that the security of these devices in the C3 system is reinforced without affecting the real-time performance of the network. Illegal intrusions, attacks from within the network and the spread of viruses are efficiently prevented by this terminal isolation platform.
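The "white list" examination described above can be illustrated for the Ethernet interface with a default-deny frame check. This is an added example, not code from the thesis: the rule format, verdict names, addresses and port are assumptions, and the CAN and 422 interfaces are not covered.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Verdicts the filter would report to the monitoring PC (hypothetical names). */
enum verdict { PASS, DROP_MALFORMED, DROP_ARP_BINDING, DROP_NOT_LISTED };
/* Assumed rule format: trusted peer (MAC/IP binding) and the one service it may reach. */
struct wl_entry { uint8_t mac[6], ip[4], proto; uint16_t dport; };
static const struct wl_entry WL[] = {              /* constructed values */
    { {0x02,0,0,0,0,0x10}, {10,0,0,16}, 6, 20000 },
};
#define WL_LEN (sizeof WL / sizeof WL[0])
/* Constructed sample, truncated after the ports: TCP from the listed peer to port 20000. */
const uint8_t SAMPLE_TCP[38] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x10, 0x08,0x00,        /* Ethernet II */
    0x45,0,0,24, 0,0,0,0, 64,6,0,0, 10,0,0,16, 10,0,0,1,    /* IPv4 header */
    0x30,0x39, 0x4e,0x20 };                                 /* src port, dst port */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Examine one Ethernet II frame bound for the protected terminal; default deny. */
enum verdict check_frame(const uint8_t *f, size_t len)
{
    if (len < 14) return DROP_MALFORMED;
    const uint8_t *smac = f + 6, *p = f + 14;
    size_t n = len - 14;
    uint16_t etype = be16(f + 12);
    if (etype == 0x0806) {   /* ARP: sender MAC/IP must be a listed binding */
        if (n < 28 || be16(p) != 1 || be16(p + 2) != 0x0800 || p[4] != 6 || p[5] != 4)
            return DROP_MALFORMED;
        for (size_t i = 0; i < WL_LEN; i++)
            if (!memcmp(smac, WL[i].mac, 6) && !memcmp(p + 8, WL[i].mac, 6) &&
                !memcmp(p + 14, WL[i].ip, 4))
                return PASS;
        return DROP_ARP_BINDING;
    }
    if (etype != 0x0800) return DROP_NOT_LISTED;
    if (n < 20 || (p[0] >> 4) != 4) return DROP_MALFORMED;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || n < ihl + 4) return DROP_MALFORMED;
    if ((p[9] != 6 && p[9] != 17) || (be16(p + 6) & 0x1fff))
        return DROP_NOT_LISTED;   /* no ports to check: other protocol or later fragment */
    for (size_t i = 0; i < WL_LEN; i++)
        if (!memcmp(smac, WL[i].mac, 6) && !memcmp(p + 12, WL[i].ip, 4) &&
            p[9] == WL[i].proto && be16(p + ihl + 2) == WL[i].dport)
            return PASS;
    return DROP_NOT_LISTED;
}

int main(void) { return check_frame(SAMPLE_TCP, sizeof SAMPLE_TCP) == PASS ? 0 : 1; }
```

Because every frame that fails to match an entry is dropped, probes to unlisted ports and ARP messages carrying an unlisted MAC/IP binding are rejected without any attack signature.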
Keywords/Search Tags: network security, intrusion detection, white list, terminal isolation, train control system