Research On Key Technologies Of Network Security For Railway Mobile Communication Network

With the penetration of computer networks in various fields,there are so many advanced network attacks that network security incidents occur frequently.Therefore,China has increased the network security to the national strategic level in recent years.As a national important infrastructure in the railway industry,the security of railway mobile communications network will also face greater threats and challenges.In view of this,this thesis analyzes and discusses the security problems existing in the railway mobile communication network,and puts forward the corresponding security solution to fully guarantee the security of railway mobile communication network.This thesis firstly analyzes and discusses the access security of railway mobile communication network.For the problem of illegal device access,the working principle of Equipment Identification Register(EIR)is briefly analyzed,and the deployment of EIR in rail and the improvement scheme of EIR are described in detail.Contrapose the issue of potential threat to wireless intrusion,this thesis briefly analyzes the defects of A5 algorithm and the interference to railway safety from pseudo base stations.In order to effectively resist the interference attacks from pseudo base stations,a negotiated authentication method is proposed to realize the two-way authentication of mobile stations and networks,thus ensuring the safety of railway mobile communication network access.Secondly,a secure transmission model is proposed for end-to-end secure transmission,which is suitable for GSM-R communication in view of the safety of GPRS subsystem of railway mobile communication system.The model adds a security control center in the core network,which is responsible for the distribution and storage of keys,making the end-to-end sessions have a session key,thus ensuring non-secure data in the GPRS subsystem security.In the aspect of network security in GPRS subsystem,we focus on the detailed discussion on the arrangement of railway Domain Name System(DNS),Remote Authentication Dial In User Service(RADIUS)and firewall.RADIUS existing device authentication service and network management business sharing the same port may leak locomotive data.So focusing on this problem,a targeted optimized transformation is applied to achieve business separation,so as to protect the security of the GPRS subsystem.Aimed at the business security of GPRS subsystem,two methods of railway RADIUS and GROS network log are monitored and analyzed.First,through using Python to call MySQL in the Linux environment to complete the rules of the algorithm implementation,the abnormal results are obtained,and then the results are analyzed and verified.In the Windows environment,a man-machine dialogue interface is designed with java programming,achieving the semi-automatic processing of log data importation.Through the time measurement and operability analysis of the two data processing schemes.Based on the analysis of java programming,the optionality of the logic rule threshold time is added.The exception rate concept is introduced,and the impact of the various threshold time on the abnormal rate is analyzed.The log analysis software makes the railway monitoring and analysis of the abnormal business more convenient and accurate to ensure the business safety of the railway mobile communication network.Finally,this thesis summarizes the security work of railway mobile communication network and prospects for future work.