As an important part of the railway bearer network, the railway time synchronization network provides unified standard time information to every railway subsystem. The railway time synchronization network uses NTP as its synchronization protocol and follows NTP's server/client operating mode to offer a time synchronization service to each railway operation system. NTP is a connectionless protocol with relatively weak security. Therefore, in order to ensure the safe operation of the railway time synchronization network, studying NTP security is of great significance. With the railway time synchronization network as the object of research, a vulnerability analysis of NTP based on Colored Petri Net (CPN) theory was first carried out. Then, a comprehensive prevention and response measure was proposed against DDoS attacks on the railway time synchronization network.

When providing the time synchronization service, NTP first performs authentication on its servers. The authentication process can be carried out with either a private certificate or a trusted certificate. However, once the authentication procedure is reduced to the handling of certificates, vulnerabilities can hardly be avoided. Therefore, a reachability analysis of the insecure states that exist during authentication was carried out using the reverse state analysis method based on Colored Petri Nets. In addition, the CPN Tools software was used to simulate and verify the analysis results. The results showed that the NTP insecure states that exist in the authentication process are reachable. The simulation results match the theoretical analysis, which further confirms that security vulnerabilities exist in NTP.

In order to protect the network from DDoS attacks, a combined defense method consisting of Egress Filtering and Improved Packet Marking was proposed. First, for malicious packets produced by hosts outside the time synchronization network, the Egress Filtering method can be used to filter out packets carrying illegal address information. Second, for malicious packets produced by client hosts within the network, the Improved Packet Marking strategy can be adopted to reconstruct the attack paths and immediately locate the problem hosts. Finally, a simulation analysis of the two methods was carried out. The results showed that the Egress Filtering method can efficiently filter malicious packets coming from hosts outside the network, while Improved Packet Marking can rapidly complete the reconstruction of attack paths. The combination of the two methods can effectively protect the railway time synchronization network from DDoS attacks.
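The two defensive mechanisms named above, as an added illustration that is not code from the paper: a source-address check in the spirit of Egress Filtering, and, because the paper does not specify its Improved Packet Marking scheme, a plain edge-sampling packet marking (Savage et al.) with the server-side path reconstruction. The client prefix, the router names `R1..R3`, the marking field layout and the sample flood are all constructed assumptions.

```python
import ipaddress
import random
from dataclasses import dataclass

# Constructed assumptions (not from the paper): prefix of the client segment and the
# three routers between a client and the NTP server, R1 nearest the client.
CLIENT_PREFIX = ipaddress.ip_network("10.10.0.0/16")
PATH = ["R1", "R2", "R3"]

@dataclass
class Packet:
    src: str               # claimed source address
    edge_start: str = ""   # marking fields: sampled edge (start, end) and hop distance
    edge_end: str = ""
    distance: int = 0

def egress_filter(packets, prefix=CLIENT_PREFIX):
    """Keep only packets whose claimed source lies in the prefix assigned to the
    ingress segment; any other source is illegal address information and is dropped."""
    return [p for p in packets if ipaddress.ip_address(p.src) in prefix]

def mark_packet(pkt, router, p, rng):
    """Edge sampling at one router: with probability p start a new edge record,
    otherwise complete a fresh record (distance 0) or just count the hop."""
    if rng.random() < p:
        pkt.edge_start, pkt.edge_end, pkt.distance = router, "", 0
    else:
        if pkt.distance == 0:
            pkt.edge_end = router
        pkt.distance += 1

def send_flood(n, path=PATH, p=0.5, seed=0):
    """Constructed flood of n packets from one client, marked by every router on path."""
    rng, flood = random.Random(seed), []
    for _ in range(n):
        pkt = Packet(src="10.10.3.7")
        for router in path:
            mark_packet(pkt, router, p, rng)
        flood.append(pkt)
    return flood

def reconstruct_path(marked):
    """Server side: keep one edge per distance and chain them back toward the sender."""
    edges = {p.distance: (p.edge_start, p.edge_end) for p in marked if p.edge_start}
    path, expected = [], None
    for d in sorted(edges, reverse=True):       # largest distance = farthest router
        start, end = edges[d]
        if expected is not None and start != expected:
            raise ValueError(f"edge at distance {d} does not join the chain")
        path.append(start)
        expected = end
    return path                                 # e.g. ["R1", "R2", "R3"]
```

With probability p = 0.5 per router, a few hundred packets are enough for every edge of a three-hop path to be sampled at least once; packets that no router sampled carry an empty start field and are ignored.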