With the networked operation of China's high-speed railway, higher requirements are placed on its safety construction level, transportation organization efficiency and passenger service quality. Since 2017, high-speed railway has entered the intelligent stage, which deeply integrates cloud computing, the Internet of Things, artificial intelligence, big data analysis and other new technologies. Intelligent applications cover the whole life cycle of railway transportation, such as intelligent trains, automatic train driving, train operation control, intelligent engineering construction, intelligent infrastructure, digital ticket booking, intelligent power supply and so on. In order to plan intelligent high-speed railway as a whole and ensure compatibility, controllability and interoperability, the construction of intelligent high-speed rail in China is organized around the three business lines of high-speed railway construction, equipment and operation, and sets up a business system, application system, data system, technical system, evaluation system and standard system that together form the integrated intelligent high-speed rail architecture; a security framework provides guarantees for all aspects of the planning and construction of the entire system architecture. Throughout the data transmission and customer service platforms of intelligent high-speed railway, whether data is obtained by unauthorized users and whether transmitted data content is illegally tampered with affects the data processing and important decisions of subsequent applications, and may even threaten the security of the entire high-speed railway system. Therefore, choosing a reasonable identity authentication mechanism according to the specific situation of each system and module is the basis for ensuring the security of intelligent high-speed railway data and information.

However, in the intelligent high-speed railway the composition of each system is complex. The underlying technical layer adopts a large number of data collection devices that differ in computing power and storage capacity, and the systems of the business layer and the application layer are finely classified according to their functions. In order to provide authentication services and identity management conveniently, each system chooses an appropriate authentication mechanism, sets up its own internal authentication server, and forms a relatively independent trust domain. When entities in one trust domain need to use data provided by a different domain, a trust model and authentication mechanism across heterogeneous domains must be designed to ensure the security of information transmission between data domains.

Firstly, this thesis proposes a cross-domain authentication and key agreement protocol for the intelligent high-speed railway system. To adapt to the data application scenarios in the intelligent railway data architecture, a cross-domain authentication scheme is designed for the case where an individual application system accesses the data service of another domain under three heterogeneous trust domains, namely Kerberos, PKI and IBC. Considering the differences between the entities of the three types of heterogeneous computing domains, the scheme uses a registry to distribute a secret value to each trust domain server. When a user requests cross-domain access, the user first contacts its own domain server; after authenticating the user, that server uses the secret value to compute the authentication-related parameters, and the user then presents these parameters to the foreign domain server, which uses the shared secret value to verify the validity of the parameters and thereby authenticate the user's identity. The Rabin encryption algorithm is used in the authentication process: encryption by modular squaring and decryption by the Chinese remainder theorem protect the transmitted information. Formal verification and security analysis of the scheme are then carried out, and its efficiency is further analyzed by comparison with existing relevant schemes. The analysis results show that the computational efficiency of the scheme is improved while the security requirements are met.

Then, following the development of the digital service platform of intelligent railway, a cross-domain trust model based on blockchain technology is proposed for the Web application and service environment, to realize identity authentication for cross-domain access between heterogeneous trust domains in the Web environment. Given the large number of Web applications and services, direct registration and communication between heterogeneous domains would greatly increase complexity. In this scheme, the WS-Federation mechanism is used to establish federated trust relationships between domains, and a blockchain certificate server serves as the third party. The security token service module of each domain completes the conversion of trust credentials between heterogeneous domains, and a federation (consortium) chain guarantees the credibility of the server and realizes the authentication of cross-domain access. The authentication process is encapsulated by the various mechanisms in WS-Federation to ensure the security and effectiveness of message transmission. The blockchain part is then simulated, and its security and efficiency are compared and analyzed. The analysis results show that the trust domain registration efficiency is improved and the communication complexity is reduced while the security requirements are met.
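The Rabin primitive named in the first scheme (encryption by modular squaring, decryption via the Chinese remainder theorem), written out as an added example that is not the thesis's own code. The thesis does not say how the receiver picks the correct one of the four square roots; the 8-bit redundancy tag used here is an assumed, common choice, and the primes are tiny constructed demonstration values.

```python
# Added illustration (not from the thesis): Rabin encryption and CRT decryption.
# Constructed demonstration primes; a real deployment uses large primes.
# p, q ≡ 3 (mod 4) lets each modular square root be found with a single pow().
# Root disambiguation by an 8-bit redundancy tag is an assumption, not the
# thesis's stated method.

TAG_BITS = 8
MASK = (1 << TAG_BITS) - 1  # the low TAG_BITS of the message are repeated as a trailer

def rabin_keygen(p: int, q: int):
    """Public key n = p*q, private key (p, q); both primes must be 3 mod 4."""
    assert p % 4 == 3 and q % 4 == 3, "CRT square roots need p, q ≡ 3 (mod 4)"
    return p * q, (p, q)

def rabin_encrypt(m: int, n: int) -> int:
    """Encryption is a single modular squaring: c = m^2 mod n."""
    assert 0 <= m < n, "message must be reduced modulo n"
    return pow(m, 2, n)

def rabin_decrypt_roots(c: int, p: int, q: int) -> list:
    """Return the four square roots of c modulo n = p*q, combined with the CRT."""
    n = p * q
    mp = pow(c, (p + 1) // 4, p)  # a square root of c mod p
    mq = pow(c, (q + 1) // 4, q)  # a square root of c mod q
    yp = pow(p, -1, q)            # yp*p ≡ 1 (mod q) and ≡ 0 (mod p)
    yq = pow(q, -1, p)            # yq*q ≡ 1 (mod p) and ≡ 0 (mod q)
    r1 = (yp * p * mq + yq * q * mp) % n  # ≡ +mp (mod p), +mq (mod q)
    r2 = (yp * p * mq - yq * q * mp) % n  # ≡ -mp (mod p), +mq (mod q)
    return sorted({r1, n - r1, r2, n - r2})

def encode_with_tag(m: int) -> int:
    """Append the low TAG_BITS of m so the receiver can recognize the true root."""
    return (m << TAG_BITS) | (m & MASK)

def decode_if_tagged(x: int):
    """Strip the tag; return the message if the tag matches, else None."""
    body, tag = x >> TAG_BITS, x & MASK
    return body if (body & MASK) == tag else None

def rabin_decrypt(c: int, p: int, q: int):
    """Return the single root whose tag checks out, or None if none or
    (rarely, with a short tag) more than one root passes."""
    valid = [m for m in map(decode_if_tagged, rabin_decrypt_roots(c, p, q))
             if m is not None]
    return valid[0] if len(valid) == 1 else None

if __name__ == "__main__":
    n, (p, q) = rabin_keygen(1019, 1031)
    c = rabin_encrypt(encode_with_tag(1234), n)
    print(rabin_decrypt_roots(c, p, q), rabin_decrypt(c, p, q))
```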