With the rapid development of information technology, information systems are becoming widely used in railways. As a result, and in view of frequent network attacks, cybersecurity research has become one of the most important topics for protecting the safety of railways. The existing boundary-protection mode divides the railway network into two parts: an untrusted public network and a trusted private network. While this mode is effective at protecting resources from attacks originating in the public network, the private network, through which an increasing number of attacks now occur, is no longer trustworthy. A new mode of cybersecurity protection is needed to cope with this complex and dangerous network situation. Therefore, after analysing the limitations of the existing railway communication network and its boundary-protection mode, this paper introduces the concept of the Zero Trust Network. The architecture of a Zero Trust Network for railways is designed through a study of the main idea, the components and the workflow of Zero Trust Networks. Meanwhile, combined with the SD-WAN architecture widely used in large enterprises, the important functions of a Zero Trust Network, such as dynamic policy, authentication and authorization, and minimum permission, can be realized through the separation of the forwarding and control elements and the software-defined capability of SD-WAN. As a result, a Zero Trust Network for railways based on the SD-WAN architecture is designed, in which SD-WAN acts as the policy execution component of the Zero Trust Network.

The main contents of this paper are as follows:

(1) Research on the key techniques of the railway communication network. The problems and limitations of the existing railway network and its boundary-protection mode are analysed, and the necessity and importance of establishing a Zero Trust Network for railways are established from both the business and the security dimension.

(2) Research on the idea and architecture of a Zero Trust Network for railways. Through a study of recent research results on Zero Trust Networks, this paper establishes the design approach for a Zero Trust Network, clarifies its components and their functions, and analyses the key processes of authentication, authorization and policy execution. Combined with the present state of the communication network, this paper builds up the architecture of a Zero Trust Network for railways.

(3) Research on the key techniques of SD-WAN. This paper identifies the components of SD-WAN and their functions, together with the logical workflows of SD-WAN. In addition, the key techniques that realize the separation of forwarding and control elements and the software-defined capability of SD-WAN, such as IPSec, TLS/DTLS, the NETCONF protocol and RESTful APIs, are discussed. Taking the SD-WAN components as the policy execution components, this paper establishes a Zero Trust Network for railways based on the SD-WAN architecture and gives a feasible proposal for migrating from the existing network to the Zero Trust Network.

(4) Research on the application and security of the Zero Trust Network for railways. This paper demonstrates the technical details of how the Zero Trust Network for railways operates when applications run in it, taking the scenarios of working from home and access to the cloud as examples. Finally, this paper discusses the security of the Zero Trust Network for railways from two dimensions: from the perspective of attackers and hackers, and by comparison with specific clauses of the Baseline for Classified Protection of Cybersecurity.
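The control/data split the abstract relies on, as an added illustration (not code from the thesis): a policy engine on the controller side authenticates, authorizes and issues a least-privilege rule per request, while the SD-WAN edge, acting as the policy execution point, forwards only what it was explicitly told to and never trusts a request because it arrived from the "private" side. The resource names, roles and permission matrix are constructed for the example.

```python
from dataclasses import dataclass

# Added example (not from the thesis). Models the Zero Trust workflow with SD-WAN as the
# policy execution point: decide at the controller, execute at the edge, re-evaluate on
# every request. Roles, resources and the permission matrix below are constructed.

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    authenticated: bool
    device_compliant: bool
    source_network: str   # "private" or "public"; deliberately never consulted for trust
    resource: str
    action: str

# Hypothetical least-privilege matrix: role -> resource -> allowed actions
ROLE_PERMISSIONS = {
    "dispatcher": {"train-schedule-db": {"read", "write"}, "ticket-cloud": {"read"}},
    "remote-maintainer": {"signalling-gw": {"read"}},
}

def decide(req: Request) -> dict:
    """Policy engine: explicit per-request decision; network location grants nothing."""
    if not req.authenticated:
        return {"allow": False, "reason": "not authenticated"}
    if not req.device_compliant:
        return {"allow": False, "reason": "device posture check failed"}
    if req.action not in ROLE_PERMISSIONS.get(req.role, {}).get(req.resource, set()):
        return {"allow": False, "reason": "action outside least-privilege set"}
    # The rule handed to the edge is as narrow as the request: one user, one resource, one action
    return {"allow": True, "rule": {"user": req.user, "dst": req.resource, "action": req.action}}

def push_rule(edge_rules: dict, rule: dict) -> None:
    """Controller -> edge: install a session rule (dynamic policy, revocable at any time)."""
    edge_rules[(rule["user"], rule["dst"])] = rule["action"]

def revoke_rule(edge_rules: dict, user: str, dst: str) -> None:
    """Controller -> edge: withdraw a rule when the trust evaluation changes."""
    edge_rules.pop((user, dst), None)

def edge_forward(edge_rules: dict, req: Request) -> bool:
    """SD-WAN edge (policy execution point): forwards only on an installed rule."""
    return edge_rules.get((req.user, req.resource)) == req.action

def access(edge_rules: dict, req: Request) -> bool:
    """Full workflow: authenticate/authorize at the engine, then execute at the edge."""
    verdict = decide(req)
    if verdict["allow"]:
        push_rule(edge_rules, verdict["rule"])
    else:
        revoke_rule(edge_rules, req.user, req.resource)  # re-evaluation withdraws stale rules
    return edge_forward(edge_rules, req)
```

Running the same dispatcher first from home (public network, compliant device) and then from inside the private network with a non-compliant device shows the point of the abstract: the second request is denied and its earlier rule is withdrawn, even though it came from the segment the boundary model treats as trusted.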