
Research On Train Control Signal Security Communication Protocol Based On Authenticated Encryption Mechanism

Posted on: 2020-06-11
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Dai
GTID: 2428330590496526
Subject: Computer technology

Abstract/Summary:
The RSSP-II protocol is the core of signal security communication in China's CTCS-3 train control system. Its message authentication safety layer provides data integrity protection and data source identification for messages transmitted between train and trackside equipment by defining a message authentication code algorithm, so the security of this algorithm is directly related to the safe operation of high-speed rail. However, some scholars have mounted a key recovery attack on the algorithm and successfully forged unauthorized information to be received by the train. In a real system it is often difficult for an attacker to obtain enough known plaintext to mount an actual attack within a short key lifetime. The next-generation LTE-R system, however, has a higher message transmission rate and a larger number of packets, so an attacker has a great chance of finding a collision within the key lifetime and mounting an effective attack. Therefore, even if the existing system is left unimproved for reasons such as cost, the current security mechanism cannot be extended to protect the next generation of the train control system.

Focusing on this problem, this thesis proposes a targeted improvement scheme to provide higher security for the transmission of train control signals. Authenticated encryption is already widely used in fields such as wireless LAN, where it has shown outstanding performance in both security and efficiency. This thesis therefore proposes introducing an authenticated encryption mechanism to improve the train control communication system. Doing so not only solves the security problem of the core message authentication algorithm of the existing RSSP-II protocol, but also compensates for the risk brought by the failure of the GSM-R security mechanism and provides a high-strength end-to-end security protection mechanism for the future train control communication system.

To select an appropriate authenticated encryption algorithm, we consider all algorithms that entered the final round of the CAESAR competition. Taking the characteristics of railway application scenarios into account, this thesis studies and analyzes the applicability of these algorithms to railway train control communication from three aspects: security, real-time performance and compatibility. Finally, we select the Deoxys-II algorithm, intended for the defense-in-depth application scenario, as the core of the improvement. To ensure protocol compatibility when introducing Deoxys-II into the original security mechanism, this thesis improves the original RSSP-II protocol in five aspects: associated data division, key generation mechanism, peer entity verification, secure data transmission and error handling mechanism.

We also compare software and hardware implementations of the Deoxys-II algorithm with the original message authentication code algorithm. In software, the Deoxys-II algorithm is tested for correctness and efficiency by constructing a typical control message packet, and its efficiency is compared with that of the original message authentication code algorithm; the results show that the software latency of the Deoxys-II algorithm is greatly reduced. In hardware, we compare the hardware resource consumption of the Deoxys-II algorithm with that of the original message authentication code algorithm; the results show that the hardware data throughput of the Deoxys-II algorithm is significantly improved and the memory footprint is significantly reduced.

In summary, the improved RSSP-II protocol not only closes the security vulnerabilities of the original protocol's message authentication code scheme, but also provides stronger protection for the secure transmission of train control signals and significantly reduces the communication cost of data transmission. It can be used to protect high-priority commands, such as emergency stop commands, that cannot tolerate long delays, further ensuring the safety of the train control system.
Keywords/Search Tags: RSSP-II protocol, authenticated encryption mechanism, CAESAR, end-to-end security protection, Deoxys-II