Research Of High-speed Railway Train Control System Communication Network Security

High-speed railway signal communication systems consist of the computer interlocking system, the centralized traffic control system, the CTCS-3 train control system and the signal centralized monitering system. And the communication networks of the CTCS-3 train control system consist of the ground backbone network(the wired communication subnet) and the mobile network(the wireless communication subnet). Due to the communication object of the CTCS-3 system is mainly the moving train, thus the traveling traffic scheduling signals and control signals are sensitived and the train’s high speed moving increasing the communication singal’s security threats. Therefore, the CTCS-3 signal communication system must achieve higher reliability, security and confidentiality.The security communication processes of communication system generally include identity authentication subprocess(through the identity authentication protocol) and data security transmission subprocess(through the secure communication protocol). According to the structure of high-speed railway control system communication network, the identity authentication comprises the GSM-R wireless authentication scheme and the signal safety data network communication authentication scheme. The data transmission mainly has two kinds of security channel--the closed structure communication network and the open structure communication network.Firstly, this paper analyzes the network structure of CTCS-3 system and the communications of main equipments, the research status and development trends of the security problems of communication network, and describes the authentication processes of the railway wireless communication network GSM-R in detail, the existing theories suggest that the GSM-R authentication scheme has many security problems, we use the formal analysis tool ProVerif analyze the existing GSM-R authentication scheme and its results confirmed the existing theories. And then, combination with the development orientation of GSM-R, the LTE-R authentication schemes(including the initial authentication, re-engaging authentication and handover access authentication) of the CTCS-3 wireless communication network are proposed in this paper, and we use ProVerif analyze its security. According to the characteristics of the ground signal in the backbone transmission network security data network, puts forward the equipment and the equipment and authentication scheme between the administrator and equipment, and the safety of using ProVerif analysis schemes. Then, according to the characteristics of the safety data network of the backbone communication networks, we propose the equipment-to-equipment authentication scheme and the administrator-to-equipment authentication scheme, and use the ProVerif analyze the proposed schemes. The results of ProVerif analyses show that the proposed authentication schemes can meet the security requirements of the CTCS-3 communications network.Finally, we analyze the communication data security requirements of CTCS-3 system, and describe several kinds of railway industry applied secure communication protocol, study and compare the security measures of chinese railway signal sesure communication protocol RSSP-I and RSSP-II in detail. The communication security problems of the train control system that we studied could provide a reference scheme for the developer of the stabilized and secure next generation train control system.