Research On Identity Authentication Among The Communication Between The Train And Ground In CTCS-3

With the rapid development of China's railway industry, the requirements of train control systems are increasingly higher. CTCS-3 (Chinese Train Control System level 3) uses GSM-R (Global System of Mobile communication for Railways) to achieve the communication between the train and ground, to meet the requirements of high-speed railway. However, the status of the identity authentication as the first line of defense in GSM-R, is extremely important, it is the most basic security service, once the authentication system is broken, all security measures will be useless. Currently, some security flaws exist in the identity authentication technology In GSM-R, such as the GSM-R network only supports one-way authentication of users, but users can't confirm whether the network is Legitimate, so it's possible for the user to access the counterfeit network, evenly the encryption algorithm A5 of the air interface has been attacked, the hidden security dangers provide opportunities for the lawless attacker to access CTCS-3, which will seriously affect the safety of high-speed train, hinder the development of high-speed railway industry. Thus, in order to ensure the safety of the first line of defense in GSM-R, it's necessary to design a high-security identity authentication mechanism to meet the requirements of the high-speed train.First, this paper analyzes and summarizes the security demands of the identity authentication in CTCS-3; and then, in-depth research to currently mature theory of wireless network authentication technology has been done. And we introduce some theories and technologies, such as public key cryptography, dynamic password, the hash function and so on, as theoretical basis of the new authentication mechanism. Finally, based on summing up the security requirements and the relevant technical theory, a suit of CTCS-3 authentication mechanisms IAMCTG (Identity Authentication Mechanism in Communication between Train and Ground) has been designed, which not only ensures the safety, and also improved the data transmission efficiency in CTCS-3.To demonstrate the new identity authentication mechanism can meet security requirements in CTCS-3, this paper use the network simulation software OPNET to simulate the old and new identity authentication respectively, and based on "Overall Technical Program of CTCS-3 according to the QoS (Quality of Service) indicators, we set single run-time, queuing delay, utilization, network throughput as the indicators of the simulation. Simulation results show that IAMCTG model, in functionality realized the key negotiation and bi-authentication between the server-side and car radio units; in security, the paper simulates the middle attacks, the result shows that IAMCTG model can resist such attacks; in capability, we collect the value of the four statistical indicators. Finally, we prove that the new identity authentication mechanism can meet the security requirements of the CTCS-3.