Research And Design On The IPSec In CBTC System

Communication Based Train Control (CBTC) system, which controls and supervises the train through the two-way data communications between train and ground, improve train safety and transport efficiency. WLAN based on the IEEE 802.11 standards, with its advantages of easy to install, flexible to use, economical, easy to extend, has become the most widely used means of train-ground communication in the CBTC system. But at the same time, the security issue inherent to WLAN has been introduced into CBTC system. Therefore it is necessary to adopt relevant measures to improve the data communications security of the CBTC system based on the IEEE 802.11 standards.This paper first made a detailed analysis on the security system of CBTC system data communications network and its leaks, and carried out that to improve the data communications security of the CBTC system by the use of IPSec mechanism. Second, this paper made an in-depth expatiation on the IPSec mechanism, including security association (SA), security agreement(IP Authentication Header and IP Encapsulating Security Payload), relevant database(Security Policy Database, SPD and Security Association Database, SAD), and the Internet Key Exchange(IKE). According to the features of CBTC system, it also carried out a design proposal of IPSec mechanism in CBTC system. That is to provide safeguard with the tunnel mode ESP between the train and ground system, while to provide safeguard with the AH or transfer mode ESP among the ground systems. Also this paper made a detailed description on the flow path of the data packet processing and key exchange. Finally, it introduced Advanced Encryption Standard (AES) into the IPSec mechanism of CBTC system, in order to achieve encryption and authentication algorithm of IPSec. Advanced Encryption Standard (AES) is a symmetric cipher algorithm, which will be used to replace the Data Encryption Standard (DES), and become a widely used new data encryption standard. This paper proposes a design achieving the AES algorithm using FPGA, carried out a detailed description and simulation analysis on the overall program and each module, and made a test and analysis of the actual circuit board, proving the correctness of the design proposal.IPSec mechanism would provide IP packet access control, integrity detection, authentication, data encryption and anti-replay attacks, and other security services for communications network, and improve the overall security of the data communications, moreover its development cycle is short, cost is low, expand is easy. Therefore, to adopt the IPSec mechanism in the CBTC system is a good choice to enhance the data communications security.