Research Of The Penetration Test On The Security Of The Train Control System

Commercial software and hardware products and standard communication protocols are widely used in Communication Based Train Control(CBTC)system.The automation level and intelligence of the system have been enhanced with the increased security risk of the system.The penetration test can be used to analyze the high-risk path of cyber attack and discover the security vulnerabilities of the system.However,due to the requirement of urban rail operation on the safe,reliable and uninterrupted operation of CBTC system,it is not possible to perform on-line penetration test.The penetration test of CBTC system is still at the initial stage of theoretical research.In this paper,the theoretical research and verification of CBTC penetration test are investigated on the semi-physical platform of train control system.The work of this paper has theoretical importance and practical significance to discover the security vunerability,analyze the impact of cyber attack on the urban rail operation and improve the level of security protection.The modeling of CBTC penetration test,the selection and verification of the optimal path of penetration test are studied in this paper.Firstly,the attack tree method is used,combined with the typical features of the system and the results of vulnerability scan on the platform,to model and analyze the security risk of CBTC system.Then,the minimal cut set method is adopted to identify attack path and quantitatively analyze the difficulty of implementation.At last,the optimal path of penetration test is selected based on the mimimum system and verified on the platform.Its impact on the urban rail operation is analyzed.The suggestions on the protection of security risk are given.The main work of this paper is as follows:(1)The necessity analysis of the penetration test of CBTC system.The protective effect of the current safety mechanism in train control system on the security risk is analyzed.The characteristics and methods of the penetration test are introduced.The necessity of the research and verification of CBTC penetration test are clarified.(2)The research on the modeling of the penetration test of train control system.The revised attack tree method is proposed to modularizely illustrate the typical features of train control system,such as the redundant architecture,the safety computer platform and fail-safe design,etc.The indicators of the utilization rate of vulnerabilities are designed.The method to identify the path of security attack through using the minimum cut set theory and the approach to quantitatively analyze the success rate of security attack are proposed.(3)The selection of the optimal path of penetration test.Based on the analysis of the information flow,the minimum CBTC system is defined.The semi-physical platform of train control system is exploited to discover the vunerabilities of the system.The attack tree model of the minimum CBTC system is set up to analyze the impact of failure,which is caused by the cyber attack,on the operation of urban rail transit.The optimal path of penetration test is selected based on the success rate and the impact of the cybe atttack.(4)The verification of the optimal path of penetration test.The feasibility of the optimal path of penetration test and the impact of the cyber attack are verified on the semi-physical platform of train control system.The suggestions on the security protection for the vunerabilities and the optimal path of security attack are given to enhance the security level of the system.It is shown by the experimental results that the selected optimal path of penetration test is feasible and severly impacts the operation of urban rail transit.The proposed approach is of great significance for discovering the vulnerabilities and improving the security protection level of the train control system.