Research On The Key Technology Of Railway Communication Security Under Cloud Environment

With the rapid development of high-speed railway,the coverage area of railway communication system is more and more extensive,and the distribution of equipment is becoming more and more dispersed,which led to the difficulty of the exchange of information and sharing in the railway communication system.At the same time,there are a lot of users and massive data in the railway communication need to deal with a large number of user requests,as well as store the massive data.In order to achieve the security,fast,efficient and other characteristics of railway communication,it needs a strong real-time calculation support.Cloud computing is a new type of computing model,it can be applied to the railway communication system,so that makes the railway communication system to gain a strong computing power and distributed cloud storage.It can integrate all kinds of resources in the railway communication system,provided to the user in the form of services,and provide users with a more friendly experience.However,during the development of cloud computing,its data security issues have become increasingly prominent at the same time.These security issues are also inevitable in the combination with the railway communication system.And in the railway communication system data security is more important,the damage and economic losses caused by data leakage will be more serious.The security issues of railway communication under the cloud environment could be simply summarized as the port,cloud,and network.The major security and protection means of the port,cloud and network are: intrusion detection,trusted access network,access control,secure communication protocols,privacy protection,and so on.This paper mainly studies the security of railway communication from three aspects: trusted access network,access control and privacy protection.Firstly,by using the remote attestation mechanism of trusted computing,this paper constructs trusted access model which could used on railway communication.Before the user terminal accesses the cloud server,it is necessary to verify the identity of both the user and the server,and then take an integrity verification to their platform when authenticated successfully.And with the form of platform status report,it transmits to both sides of the communication by a trusted third party,achieves the credibility certification of the platform,and effectively protects privacy information of the platform.Secondly,aiming at the privacy of users of the railway communication system under cloud environment,this paper introduces hierarchical attribute-set-based access control scheme by employing ciphertext-policy attribute-set-based encryption with a hierarchical structure of users to achieve scalability.The proposed scheme simultaneously achieves the notion of fine-grained cum flexible access control,privacy preserving,efficient data utilization and imperatively provides users full-fledged liberty on delegation of their access privileges.Furthermore,we formally prove that proposed scheme is secure under decisional bilinear Diffie–Hellman assumption.Finally,in cloud environment the train will be faced with new privacy issues,according to the requirement of the cloud environment designed a blind signature privacy protection scheme based LTE-R.The scheme solves the existing problems of GSM-R authentication scheme,and the knowledge of using elliptic curve point multiplication cryptography,simplifies the generation of the session key in the LTE-R system.At the same time,this paper realizes bidirectional authentication and front/backward security,ensures that the sensitive information related to the train is not stolen and achieves the privacy protection.