| The CTCS-3 train control system uses the railway safety communication protocol RSSPII to protect the exchange of safety-related information between signal safety devices. The protocol uses symmetric encryption to ensure the authenticity, integrity and privacy of the transmitted information, and therefore establishes a key management mechanism. Analysis of this mechanism finds that there may be safety risks in the management of transport keys and authentication keys. First, the distribution of transport keys is subject to operator intervention and the key remains unchanged for a long time, so there is a risk that the transport key could be compromised, which in turn endangers the safety of the authentication keys. Second, the key management function is centralized in the key management center, which means there might be a centralization problem. Therefore, in order to enhance the safety of the protocol and make communication between safety-related entities of the train control system safer and more reliable, an improved scheme is presented in this paper. The main work is as follows: (1) In order to solve the safety problems mentioned above and strengthen the safety of the authentication keys, an advanced strategy that combines the blockchain consensus mechanism Raft with an elliptic curve cryptosystem is proposed. It enables all the safety-related devices in a certain area of the system to update and share an authentication key in a Byzantine environment, using a method that removes the key management center and reduces human intervention. At the same time, this improvement does not change the communication strategy for safety data between safety entities and does not affect the communication of safety-related information. (2) Based on the threat defense matrix in EN50159, a qualitative analysis of the scheme is carried out, which proves that the scheme meets the standard of EN50159 and covers the safety. Then, a formal verification method based on the temporal logic
of actions is used to analyze the consensus scheme. Firstly, a state machine model of the consensus process in the non-Byzantine environment is constructed and verified with the TLC model checker; the results show that the consensus scheme has no deadlock problem and can update and share the key information, which proves the correctness of the scheme. Secondly, the safety of the scheme in the non-Byzantine environment is analyzed by logical proof. Finally, an attacker model is constructed on the basis of the existing model and the new model is checked with the TLC tool; the results show that the consensus scheme can still achieve consensus correctly when it is attacked, which proves that the scheme is safe in the Byzantine environment. (3) In order to ensure the performance of the improved scheme, this paper proposes to implement it on the Xilinx Zynq-7000 series development platform by combining hardware and software. The first part is the consensus process: to ensure its flexibility, it is proposed to implement its flow control in software on the ARM processor of the platform. The second part is the elliptic curve cryptography algorithm, which involves complex operations: to ensure its efficiency, a hardware implementation based on FPGA is chosen. For the elliptic curve cryptosystem, the hardware modules are designed and implemented in Verilog, and a testbench is written to simulate the modules in ModelSim; the results confirm that the function of each module is correct. On this foundation, a hardware platform in which the ARM processor communicates with the ECC module through the AXI bus is built, and the control process is then realized. Finally, the consensus process is verified between two nodes, and the result shows that the consensus scheme can achieve the expected function. There are 42 figures, 18 tables and 80 references. |