CN-116346419-B - Railway vehicle lightweight vehicle-mounted trusted network system based on active safety

Abstract

The invention belongs to the field of vehicle-mounted network information safety and relates to a railway vehicle lightweight vehicle-mounted trusted network system based on active safety. The system comprises a vehicle-ground wireless communication boundary domain, a vehicle-mounted network node equipment domain and a vehicle-mounted trusted platform. The vehicle-mounted trusted platform is embedded into each system of the vehicle-ground wireless communication boundary domain, the vehicle-mounted network domain and the vehicle-mounted network node equipment domain, and is used, through identity authentication node equipment, for vehicle-mounted network access authentication, trusted communication authentication between sub-networks of different levels, and communication authentication between vehicle-mounted network node equipment. The invention realizes the active safety function of the vehicle-mounted network through access authentication, inter-subnet trusted authentication and inter-equipment instruction interaction authentication; it meets the real-time requirements of the train network, ensures the safety of the vehicle-mounted network system without adding external defense tools, and improves the active safety immunity of the network.

Inventors

  • LIANG JIANYING
  • DU JIEWEI
  • CHANG ZHENCHEN
  • JIA DONGXIAO
  • LIU MINGMING

Assignees

  • 国家高速列车青岛技术创新中心

Dates

Publication Date: 2026-05-12
Application Date: 2023-02-23

Claims (10)

  1. The railway vehicle lightweight vehicle-mounted trusted network system based on active safety is characterized by comprising a vehicle-ground wireless communication boundary domain, a vehicle-mounted network node equipment domain and a vehicle-mounted trusted platform, wherein the vehicle-mounted trusted platform is embedded into each system of the vehicle-ground wireless communication boundary domain, the vehicle-mounted network domain and the vehicle-mounted network node equipment domain and is used, through identity authentication node equipment, for vehicle-mounted network access authentication, trusted communication authentication between sub-networks of different levels and communication authentication between vehicle-mounted network node equipment, and the vehicle-mounted trusted platform comprises: a trusted cryptography module, used for identity authentication of the vehicle-mounted network node equipment, authentication between subnets, and measurement, updating and revocation of the trust attributes of the vehicle-mounted network node equipment and the maintenance terminal equipment; a trusted software base module, embedded into the operating system kernel of the vehicle-mounted network node equipment and used for implanting measurement code into the operating system boot of the vehicle-mounted network node equipment, carrying out retrospective measurement of the integrity of the operating system boot program code driven in CPU real mode, and completing interception and policy management of vehicle-mounted network behaviors; and a trusted service module, used for centrally managing the trusted state, checking and signing the trusted state reports reported by the vehicle-mounted network node equipment, and synchronizing the currently maintained trusted state with each vehicle-mounted network node equipment through heartbeat packet authentication and timing.
  2. The railway vehicle lightweight vehicle-mounted trusted network system based on active safety according to claim 1, wherein the vehicle-mounted trusted platform performs active measurement of the trusted network system environment while the trusted network system is running, so as to establish the basic trusted environment of the vehicle-mounted trusted platform, signs a measurement result report, and identifies the trusted state of the current environment of the vehicle-mounted trusted platform, thereby realizing identification and trusted verification of the identities of both communication parties.
  3. The active-safety-based railway vehicle lightweight vehicle-mounted trusted network system of claim 1 or 2, wherein the trusted cryptography module comprises: a trusted root, used as the trust base point of the trusted network system; a domestic cryptographic algorithm engine, used for generating the identity authentication key, encrypting and decrypting data and instructions, signing the node equipment state characteristic value and the identity authentication private key, and calculating the integrity measurement value; a random number generator for generating random numbers; and a storage module, used for storing the node equipment state characteristic value and the identity private key.
  4. The railway vehicle lightweight vehicle-mounted trusted network system based on active safety according to claim 3, wherein the trusted authentication process by which node equipment in the vehicle-mounted network node equipment domain accesses the vehicle-mounted network is as follows: before accessing the vehicle-mounted network, the vehicle-mounted network node equipment judges its trusted state according to a trusted equipment state list and then decides whether access is allowed; when the vehicle-mounted network node equipment accesses, the request instruction triggers an integrity check handshake message; the trusted service module submits a network access request after receiving the message; the trusted software base module obtains the access request through a hook function and notifies the trusted service module of the vehicle-mounted network's unique identifier (ComID) information; the trusted service module judges the trusted state of the corresponding system in the vehicle-mounted wireless communication boundary domain; the trusted cryptography module completes identity authentication of the network access requester, then calculates the integrity measurement value and transmits its authentication policy to the policy execution point to decide whether the policy execution point opens the port; and if the trusted state of the corresponding system in the vehicle-mounted wireless communication boundary domain meets the condition, connection to the vehicle-mounted network is allowed.
  5. The railway vehicle lightweight vehicle-mounted trusted network system based on active safety according to claim 3, wherein the trusted communication authentication process between subnets of different grades is as follows: a first subnet periodically acquires the trusted state of all node devices of the vehicle-mounted network from the trusted service module and periodically reports the trusted state of the first subnet; a second subnet periodically acquires the trusted state of all node devices of the vehicle-mounted network from the trusted service module and periodically reports the trusted state of the second subnet; when the first subnet communicates with the second subnet, the first subnet queries the trusted state of the second subnet from its trusted state library and the second subnet queries the trusted state of the first subnet from its trusted state library; the first subnet may initiate communication with the second subnet only after trusted state authentication with the second subnet is completed, and the second subnet may initiate communication with the first subnet only after trusted state authentication with the first subnet is completed, thereby realizing trusted communication between subnets of different grades.
  6. The railway vehicle lightweight vehicle-mounted trusted network system based on active safety according to claim 3, wherein the communication between vehicle-mounted network node devices, namely the instruction-level trusted transmission authentication process, is as follows: the communicating vehicle-mounted network node devices send authentication requests; the trusted service module returns authentication request random numbers; after receiving the random numbers, the vehicle-mounted network node device calls the trusted cryptography module to acquire the hash characteristic value information of the random numbers; the trusted cryptography module interacts to acquire the required characteristic values and the corresponding measurement logs; the stored device state characteristic values and the identity authentication private key are signed to obtain the information identity authentication key; the communicating parties decrypt the received ciphertext to obtain the identity authentication key certificate, which is compared with the registered information to verify it; after verification, the identity authentication key is used to verify the signature information and obtain the device state characteristic values and random numbers stored by the trusted cryptography module; if these are consistent with the previously sent device state characteristic values, the obtained values are hashed, and if the result is identical to the device state characteristic values stored by the trusted cryptography module, authentication is judged to have passed and communication between the vehicle-mounted network nodes can be carried out.
  7. The system of claim 3, wherein the trusted cryptography module uses the ComID based on the TRDP protocol as the unique identifier of the node device data structure to perform identity authentication; the ComID, source IP address and destination IP address are combined into a unique identifier of the vehicle network communication to perform inter-network communication authentication; process data uses the UDP protocol with the destination communication port fixed at 17224, and message data uses the UDP or TCP protocol with the destination port fixed at 17225.
  8. The active-safety-based railway vehicle lightweight vehicle-mounted trusted network system of claim 3, wherein the trusted root is used to verify all additional software loaded on the trusted network system, and the trusted root is hardware-based, immutable and cannot be tampered with.
  9. The active-safety-based railway vehicle lightweight vehicle-mounted trusted network system according to claim 1, wherein all vehicle-mounted network node equipment reports its trusted state at regular intervals while the trusted network system is running, the trusted state of all terminals in the network is meanwhile updated from a safety management platform, and when the state of either of two communicating parties changes, emergency measures are taken.
  10. The active-safety-based railway vehicle lightweight vehicle-mounted trusted network system according to claim 1, wherein the vehicle-ground wireless communication boundary domain comprises a vehicle-ground wireless communication control system, a data exchange system and a 4G/5G wireless communication system; the vehicle-mounted network domain comprises an ETB train backbone network system and an ECN consist network system; and the vehicle-mounted network node equipment domain mainly comprises a bogie system, a motor system, an electric transmission system, a braking system, an air conditioning system, a door control system, a high-voltage system, a train control system, an entertainment system and a monitoring system.
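An added illustration of the instruction-level authentication exchange described in claim 6 (not code from the patent): the trusted service module issues a random number, the node's trusted cryptography module hashes it and signs it together with the stored device state characteristic value, and the peer checks the registered certificate, the signature and the state value in turn. Node names, registry contents and firmware bytes are constructed, and HMAC-SHA256 with a per-node key stands in for the identity-key signature so the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

# Constructed registry held by the trusted service module: registered identity
# certificate and last accepted device state characteristic value per node.
REGISTERED = {
    "brake-ctrl-01": {"cert": b"cert:brake-ctrl-01",
                      "state": hashlib.sha256(b"brake fw v1").digest()},
}
# Identity authentication keys inside each node's trusted cryptography module.
# HMAC-SHA256 with the key stands in for the identity-key signature (assumption).
NODE_KEYS = {"brake-ctrl-01": b"identity-key-brake-ctrl-01"}

def measure(firmware):
    """Integrity measurement: the device state characteristic value of a node."""
    return hashlib.sha256(firmware).digest()

def issue_challenge():
    """Trusted service module: the authentication request random number."""
    return os.urandom(16)

def node_response(node_id, nonce, state):
    """Node side: hash the random number, then sign it with the state value."""
    nonce_hash = hashlib.sha256(nonce).digest()
    sig = hmac.new(NODE_KEYS[node_id], nonce_hash + state, hashlib.sha256).digest()
    return {"node": node_id, "cert": b"cert:" + node_id.encode(),
            "state": state, "nonce_hash": nonce_hash, "sig": sig}

def verify_response(resp, nonce):
    """Peer side: certificate against registration, then signature, then state."""
    reg = REGISTERED.get(resp["node"])
    if reg is None or not hmac.compare_digest(reg["cert"], resp["cert"]):
        return False, "identity certificate not registered"
    # Bind the response to this session's random number (rejects replays).
    if not hmac.compare_digest(hashlib.sha256(nonce).digest(), resp["nonce_hash"]):
        return False, "random number mismatch"
    expected = hmac.new(NODE_KEYS[resp["node"]], resp["nonce_hash"] + resp["state"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, resp["sig"]):
        return False, "signature invalid"
    # Only a node whose measured state still equals the registered value is trusted.
    if not hmac.compare_digest(reg["state"], resp["state"]):
        return False, "device state characteristic value changed"
    return True, "authenticated"
```

A node whose firmware has been modified still produces a valid signature over its new measurement, and is rejected only at the final state comparison, which is why the registered state value has to be kept current by the trusted service module.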

Description

Technical Field

The invention belongs to the technical field of vehicle-mounted network information safety, relates to railway vehicle-mounted network technology, and particularly relates to a railway vehicle lightweight vehicle-mounted trusted network system based on active safety.

Background

The rail vehicle network control system is one of the core systems of the train and is often called the brain and nervous system of the train; its main functions are controlling the whole train, monitoring its state, diagnosing faults and the like, and the train network mainly comprises a train control network, a train maintenance network, a train signal network and the like. With the introduction of artificial intelligence and automatic driving functions, train network control systems based on industrial Ethernet are widely applied, but Ethernet adopts an open communication protocol stack, which brings more safety risks to the vehicle-mounted communication network system. Vehicle-mounted industrial Ethernet differs from traditional industrial Ethernet in network protocol, architecture and operating environment: for example, a train network adopts the real-time Ethernet protocol TRDP, whereas common industrial control systems mostly adopt standard industrial protocols; the common industrial control network and the train network differ in topology and access equipment; the train network has a higher level of integration; and in the train network most equipment takes a board-card form.

The vehicle-mounted network system comprises various types of node equipment. The node equipment is heterogeneous, and nodes with weaker security protection capability are vulnerable to attack; at the same time, because the vehicle-ground wireless communication boundary domain may be accessed by malicious terminal equipment or computing equipment, the safety of data cannot be ensured. Existing protection technology is mainly divided into an active protection layer and a passive protection layer. Facing continuously changing network threats, network security has evolved into the age of "endogenous security", in which adaptive, autonomous and self-growing security capabilities must grow continuously by means of an immune system of the network's own. China has therefore established the standard "Information security technology - Trusted computing specification - Trusted connection architecture", which adopts a three-layer, peer-to-peer, centrally managed trusted connection architecture: the trusted network authenticates the legitimacy of a terminal's identity before it connects to the target network; if authentication passes, the platform trusted state of the terminal is measured; if the measurement result meets the security policy for network connection, the terminal is allowed to connect to the network, otherwise access is denied. This is an active, bidirectional and preventive network connection method. However, the technology only provides a trusted connection scheme for a terminal accessing the network and cannot be applied to trusted authentication between networks. For this reason, experts and scholars have also carried out a series of studies in this field.

In general trusted computing platform research, Shen Changxiang et al. propose a trusted computing platform with a parallel computing and protection dual architecture (application number: 201910195870.1), which includes a parallel computing subsystem and a protection subsystem; the computing subsystem completes computing tasks, and the protection subsystem actively measures and actively controls the computing subsystem according to a trusted policy through a trusted platform control module. Shen Changxiang et al. also propose a method for constructing a trusted computing platform with a dual architecture, and the trusted computing platform itself (application number: 201910610041.5): the method constructs computing resources for completing computing tasks, constructs trusted computing resources for actively measuring the computing resources and performing corresponding active control according to the result of the active measurement, where the active measurement comprises static measurement and dynamic measurement, and configures the computing resources and the trusted computing resources into a computer central processor to obtain the dual-architecture trusted computing platform, which comprises the computer central processor and other external resources. Wu Bangjiang et al. propose an integrated computer motherboard based on high reliability (application number: 201621426039.0), which comprises a motherboard body, a Loongson 3A processor, a north bridge chip, a south bridge chip, a PCIE switch chip and a trusted cryptograp