
Research On Identity Authentication Security Of Railway Time Synchronization Protocol

Posted on: 2024-01-02
Degree: Master
Type: Thesis
Country: China
Candidate: X L Wang
Full Text: PDF
GTID: 2542306932459934
Subject: Electronic information
Abstract/Summary:
The railway time synchronization network is an important part of the railway support network. It is mainly responsible for providing unified time reference signals to the various railway business subsystems and equipment, and it is an important piece of information infrastructure for building a smart railway system. NTP is a time synchronization protocol widely used in large-scale networks. The railway time synchronization network adopts a three-level master-slave architecture, and NTP is used for time synchronization between the three-level time nodes. NTP is a UDP-based time synchronization protocol. Because UDP is connectionless, NTP very easily becomes the target of network attacks. Identity authentication is the most important line of defense for the security of railway time synchronization protocols, so studying the security of identity authentication in the railway time synchronization protocol is very important for the safe operation of the railway time synchronization network.

This paper takes the identity authentication scheme of the railway time synchronization protocol as its research object, models the identity authentication process with colored Petri nets, and uses the colored Petri net model to analyze the security of the authentication scheme. On this basis, a mutual authentication scheme for the railway time synchronization protocol is proposed. The main research results are as follows:

(1) The railway time synchronization protocol builds its authentication mechanism on the Autokey model, which supports two modes: trusted certificates and private certificates. In the railway time synchronization network, the trusted certificate is generally used to authenticate the time synchronization server. After trusted certificate authentication is completed, a challenge-response mechanism provides further identity authentication. There may be security holes in this identity authentication process, so this paper uses colored Petri nets to model and analyze it. First, following the identity authentication process of the railway time synchronization protocol, a colored Petri net model of the challenge-response authentication process based on public parameters is established, and the model is used to analyze the possible security loopholes in the public-parameter challenge-response mechanism. Then a colored Petri net model of the challenge-response process under a man-in-the-middle attack is established, and the reachability of the insecure state of the identity authentication scheme is analyzed with the reverse state analysis method. Finally, the results of the security analysis are simulated and verified with the CPN Tools software. The results show that the challenge-response authentication process of the railway time synchronization protocol has security vulnerabilities: the client does not verify the source information of the challenge-response message, so a challenge-response message forged by a man in the middle can pass client identity authentication. This achieves the attack goal of manipulating time nodes and endangers the safe operation of the railway system.

(2) To improve the security protection capability of the railway time synchronization network, and building on the research above, this paper analyzes the security requirements of identity authentication in the railway time synchronization protocol and, according to those requirements, proposes a mutual authentication scheme based on an elliptic curve encryption algorithm. The scheme includes four stages: registration, initial association, certificate exchange, and identity authentication. It not only achieves mutual identity authentication between time nodes in the railway time synchronization network, but also effectively prevents man-in-the-middle attacks and replay attacks. In addition, the mutual authentication scheme considers the impact of time factors on identity authentication and introduces elliptic curve encryption under the Autokey authentication framework, improving the security of identity authentication while maintaining high authentication efficiency. Finally, the security of the mutual authentication scheme is analyzed with the formal simulation tool AVISPA, and its performance is compared with similar schemes. The results show that the mutual authentication scheme is superior to similar authentication schemes in terms of security attributes and communication overhead, can meet the security requirements of railway time synchronization protocols, and provides a security guarantee for railway time synchronization networks.
Keywords/Search Tags:Railway Time Synchronization Protocol, Challenge Response, Mutual Authentication, Colored Petri Nets