Research On Key Management And Anti-DDoS Communication Method Of Railway Signal System Based On RSSP-?

With the increasing speed of railway operation,the requirements for reliability and safety of train control system are gradually improving.At present,CTCS(Chinese Train Control System)-3 train control system is widely equipped on trains in China.Meanwhile,the two-way communication mode based on GSM-R is adopted in train-ground communication.On this basis RSSP(Railway Signal Safety protocal)-II has formulated relevant specifications for train open wireless communication.However,the openness of wireless network still poses great challenges to the safe and reliable vehicle-to-ground communication and the safe operation of high-speed rail.Through security analysis,this paper studies DDoS(Distributed Denial of Service)attack defense and key distribution to provide security protection mechanism for railway wireless communication.In order to protect wireless vehicle-ground communication from DDoS attacks,a multi-level dynamic packet authentication and filtering mechanism based on outgoing characteristics is designed and implemented in this paper,on the basis of statistics and analysis of the number and frequency of authentication requests sent by devices.Among them,the device is connected to GSM-R,and an authentication request control strategy is added to its existing authentication mechanism.At the base station,the maximum likelihood estimation method is used to estimate the probability density distribution of the outgoing frequency,and to determine whether the characteristics of the subsequent data packets conform to the distribution.Attack packet determination,setting blacklist,filtering and forwarding data packets,and dynamically updating blacklist mechanism based on impact degree to prevent attackers from carrying out DDoS attacks.Finally,the NS-3 simulator is used to simulate the filtering scenario,and the comparison of packetThe security function module of RSSP-? protocol designs the secure communication mechanism of peer-to-peer entities.Through security analysis,it is proved that there are many security threats in the original key distribution mode,such as man-in-the-middle attack.In this paper,an improved ECDH(Elliptic Curves Diffie-Hellman)key agreement algorithm is implemented.According to the requirement of the communication scenario of CTCS-3 train control system,this paper makes a detailed data comparison and feasibility analysis between the classical DH algorithm and the improved ECDH algorithm from three aspects:time consumption,storage overhead and security.The results show that the improved ECDH algorithm consumes less time,has higher security,and has higher storage overhead than DH algorithm,but it is still acceptable.Finally,the ECDH key agreement algorithm is applied to RSSP-? protocol,and the peer-to-peer secure communication mechanism based on the improved ECDH key agreement protocol is designed and implemented.