CN-121985315-A - Railway track traffic control management method and system

Abstract

The invention provides a railway track traffic control management method and system, and relates to the technical field of railway track traffic control. The method comprises: establishing a railway NTP-based time synchronization network; performing vulnerability-state reachability analysis on the trusted-certificate-based NTP authentication process using a colored Petri net (CPN) model, and determining whether the current protocol is vulnerable; determining a first dynamic key and a second dynamic key according to key parameters of the NTP authentication process; performing verification according to the first dynamic key and the second dynamic key; if the verification passes, correcting the synchronization time signal; generating a synchronization timestamp for a target train; collecting real-time operation parameters; determining a tracking interval time; and generating and issuing a control instruction. According to the invention, train operation can be controlled according to the communication security condition and the tracking interval time, which improves the temporal reliability of the real-time operation parameters and the line utilization rate of the trains.

Inventors

  • LAN LI
  • CHENG XIANG
  • ZHENG YIMING

Assignees

  • Lanzhou Jiaotong University (兰州交通大学)

Dates

Publication Date
20260505
Application Date
20260403

Claims (9)

  1. A railway track traffic control management method, characterized by comprising: establishing a railway NTP-based time synchronization network, wherein the time synchronization network comprises at least one primary time node and at least one secondary time node; performing vulnerability-state reachability analysis on the trusted-certificate-based NTP authentication process using a colored Petri net (CPN) model, and determining whether the current protocol is vulnerable; if the current protocol is vulnerable, determining a first dynamic key and a second dynamic key according to key parameters of the NTP authentication process, wherein the key parameters comprise a primary time node public key, a primary time node private key and a secondary time node public key; performing verification according to the first dynamic key and the second dynamic key; if the verification passes, correcting a synchronization time signal according to timestamp information in a time synchronization response message; generating a synchronization timestamp according to the synchronization time signal; collecting real-time operation parameters of a target train in a target track section according to the synchronization timestamp, wherein the real-time operation parameters comprise the instantaneous train speed and the train acceleration; determining a tracking interval time according to the real-time operation parameters; and generating and issuing a real-time control instruction according to the tracking interval time.
  2. The railway track traffic control management method according to claim 1, wherein performing vulnerability-state reachability analysis on the trusted-certificate-based NTP authentication process using a colored Petri net model, and determining whether the current protocol is vulnerable, comprises: constructing a formal model, wherein the formal model comprises a CPN model of the normal trusted-certificate-based NTP authentication process and a CPN model of the authentication process with an added man-in-the-middle intrusion; and verifying, through the vulnerability-state reachability analysis, whether an unsafe termination state exists in the protocol authentication process under a man-in-the-middle attack, and if such a state exists, determining that the current protocol is vulnerable.
  3. The railway track traffic control management method according to claim 2, wherein constructing the formal model comprises: constructing a CPN model of the normal authentication process between a primary time node and a secondary time node according to the trusted-certificate-based NTP interaction sequence, wherein the CPN model of the normal authentication process comprises a plurality of places and transitions describing the authentication flow of cookie request, cookie response, time synchronization request and time synchronization response; and adding a man-in-the-middle node to the CPN model of the normal authentication process to construct the CPN model of the authentication process with an added man-in-the-middle intrusion, wherein the man-in-the-middle node simulates attacks on the protocol authentication process by intercepting, tampering with and forwarding communication messages between the primary time node and the secondary time node.
  4. The railway track traffic control management method according to claim 1, wherein, if the current protocol is vulnerable, determining a first dynamic key and a second dynamic key according to key parameters of the NTP authentication process comprises: acquiring network address identification information of the primary time node and network address identification information of the secondary time node; acquiring a primary random number generated by the primary time node and a primary timestamp of when that random number was generated; acquiring a secondary random number generated by the secondary time node and a secondary timestamp of when that random number was generated; and determining the first dynamic key and the second dynamic key according to the key parameters, the network address identification information of the primary time node, the network address identification information of the secondary time node, the primary random number, the primary timestamp, the secondary random number and the secondary timestamp.
  5. The method of claim 4, wherein determining the first dynamic key and the second dynamic key based on the key parameter, the network address identification information of the primary time node, the network address identification information of the secondary time node, the primary random number, the primary timestamp, the secondary random number, and the secondary timestamp comprises: 、 Determining a first dynamic key And a second dynamic key , wherein, As a function of the collision-resistant hash, Is a first-level time node public key, Is a secondary time node public key, Is a first-order random number, and the first-order random number, Is a secondary random number, and the random number is a secondary random number, As a primary time stamp of the time stamp, As a secondary time stamp, the time stamp is provided, Is a primary time node private key, To obtain the x coordinate value of the point by performing a point multiplication operation on the elliptic curve, Network address identification information for the primary time node, Network address identification information for the secondary time node, For the bit-stream join operation, Is a bitwise exclusive or operation.
  6. The railway track traffic control management method according to claim 1, wherein performing verification according to the first dynamic key and the second dynamic key comprises: the secondary time node sending a time synchronization request message to the primary time node, wherein the time synchronization request message comprises a first message authentication code generated based on the first dynamic key; the primary time node receiving the time synchronization request message, verifying the first message authentication code based on the first dynamic key, and generating a time synchronization response message after the verification passes, wherein the time synchronization response message comprises a second message authentication code generated based on the second dynamic key; and the secondary time node receiving the time synchronization response message and verifying the second message authentication code based on the second dynamic key.
  7. The railway track traffic control management method according to claim 1, wherein determining the tracking interval time according to the real-time operation parameters comprises: obtaining a first length of the target train and a second length of the target track section; setting a short-time prediction duration and a basic safety tracking time margin; obtaining the maximum line speed limit of the target track section; and determining the tracking interval time according to the real-time operation parameters, the first length, the second length, the short-time prediction duration, the basic safety tracking time margin and the maximum line speed limit.
  8. The method of claim 7, wherein determining the tracking interval time based on the real-time operating parameter, the first length, the second length, the short-time predicted duration, the base safety tracking time margin, and the line maximum speed limit comprises: Determining tracking interval time , wherein, For the first length of the first tube, the first tube is, For the second length of the material to be a second length, For the instantaneous speed of the train, For the instantaneous acceleration of the train, For a short predicted time period, For the purpose of basic security tracking the time margin, Is the highest speed limit of the line.
  9. A railway track traffic control management system for performing the railway track traffic control management method according to any one of claims 1 to 8, comprising: a time synchronization network module for establishing a railway NTP-based time synchronization network, wherein the time synchronization network comprises at least one primary time node and at least one secondary time node; a judging module for performing vulnerability-state reachability analysis on the trusted-certificate-based NTP authentication process using a colored Petri net model; a dynamic key module for determining, if the current protocol is vulnerable, a first dynamic key and a second dynamic key according to key parameters of the NTP authentication process, wherein the key parameters comprise a primary time node public key, a primary time node private key and a secondary time node public key; a verification module for performing verification according to the first dynamic key and the second dynamic key; a correction module for correcting a synchronization time signal according to timestamp information in a time synchronization response message if the verification passes; a synchronization timestamp module for generating a synchronization timestamp for a target train according to the synchronization time signal; a real-time operation parameter module for collecting real-time operation parameters of the target train in a target track section according to the synchronization timestamp, wherein the real-time operation parameters comprise the instantaneous train speed and the instantaneous train acceleration; a tracking interval time module for determining a tracking interval time according to the real-time operation parameters; and a control instruction module for generating a control instruction according to the tracking interval time and issuing it to the on-board equipment of the target train and of the following trains.
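The request/response verification of claim 6, as an added example that is not part of the patent text. HMAC-SHA256, the message layout and the key values are assumptions; the two dynamic keys are taken as already derived, because the derivation formula of claim 5 is not reproduced on this page, and the offset computation is the standard NTP formula.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                      # HMAC-SHA256 tag size (algorithm is an assumption)
REQ_LEN = 3 + 8 + TAG_LEN         # "REQ" | t1 | tag   (layout is an assumption)
RSP_LEN = 3 + 24 + TAG_LEN        # "RSP" | t1 | t2 | t3 | tag

def mac(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()

def split_verified(key, msg, kind, length):
    """Return the body if msg has the right shape and a valid MAC, else None."""
    if msg is None or len(msg) != length or msg[:3] != kind:
        return None
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    return body if hmac.compare_digest(tag, mac(key, body)) else None

def build_request(k1, t1):
    """Secondary node: send time t1, authenticated with the first dynamic key."""
    body = b"REQ" + struct.pack("!d", t1)
    return body + mac(k1, body)

def handle_request(k1, k2, msg, t2, t3):
    """Primary node: check the first MAC; reply under the second dynamic key."""
    body = split_verified(k1, msg, b"REQ", REQ_LEN)
    if body is None:
        return None                               # drop: no response generated
    resp = b"RSP" + body[3:] + struct.pack("!dd", t2, t3)   # echo t1, add t2/t3
    return resp + mac(k2, resp)

def handle_response(k2, msg, t1, t4):
    """Secondary node: check the second MAC; return the clock offset or None."""
    body = split_verified(k2, msg, b"RSP", RSP_LEN)
    if body is None:
        return None                               # verification failed: no correction
    echoed, t2, t3 = struct.unpack("!ddd", body[3:])
    if echoed != t1:
        return None                               # reply not bound to our request
    return ((t2 - t1) + (t3 - t4)) / 2            # standard NTP offset formula

if __name__ == "__main__":
    k1, k2 = bytes(range(32)), bytes(range(32, 64))   # constructed keys
    req = build_request(k1, 1000.0)
    resp = handle_request(k1, k2, req, 1005.25, 1005.5)
    print("offset:", handle_response(k2, resp, 1000.0, 1000.75))
    forged = resp[:12] + bytes([resp[12] ^ 1]) + resp[13:]
    print("forged:", handle_response(k2, forged, 1000.0, 1000.75))
```

The secondary node applies a correction only when `handle_response` returns a number; a response altered in transit, or one answering a different request, yields `None` and the clock is left untouched.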

Description

Railway track traffic control management method and system

Technical Field

The invention relates to the technical field of railway track traffic control, in particular to a railway track traffic control management method and system.

Background

In the related art, although trains are safely controlled by means of traffic operation signals and communication, the influence of communication security and of the tracking interval time on train operation is not considered; that is, train operation cannot be controlled according to the communication security condition and the tracking interval time. The information disclosed in the background section of the application is only for enhancement of understanding of the general background of the application and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.

Disclosure of Invention

The invention provides a railway track traffic control management method and a railway track traffic control management system, which can solve the technical problem that the related art cannot control train operation according to the communication security condition and the tracking interval time.
According to a first aspect of the invention, a railway track traffic control management method is provided, which comprises: establishing a railway NTP-based time synchronization network, wherein the time synchronization network comprises at least one primary time node and at least one secondary time node; performing vulnerability-state reachability analysis on the trusted-certificate-based NTP authentication process using a colored Petri net (CPN) model, and determining whether the current protocol is vulnerable; if the current protocol is vulnerable, determining a first dynamic key and a second dynamic key according to key parameters of the NTP authentication process, wherein the key parameters comprise a primary time node public key, a primary time node private key and a secondary time node public key; performing verification according to the first dynamic key and the second dynamic key; if the verification passes, correcting a synchronization time signal according to timestamp information in a time synchronization response message; generating a synchronization timestamp for a target train according to the synchronization time signal; collecting real-time operation parameters of the target train in a target track section; determining a tracking interval time according to the real-time operation parameters; and generating and issuing a control instruction according to the tracking interval time.
Further, performing vulnerability-state reachability analysis on the trusted-certificate-based NTP authentication process using a colored Petri net model, and determining whether the current protocol is vulnerable, comprises: constructing a formal model, wherein the formal model comprises a CPN model of the normal trusted-certificate-based NTP authentication process and a CPN model of the authentication process with an added man-in-the-middle intrusion; and verifying, through the vulnerability-state reachability analysis, whether an unsafe termination state exists in the protocol authentication process under a man-in-the-middle attack, and if so, determining that the current protocol is vulnerable. Constructing the formal model comprises: constructing a CPN model of the normal authentication process between the primary time node and the secondary time node according to the trusted-certificate-based NTP interaction sequence, wherein the CPN model of the normal authentication process comprises a plurality of places and transitions describing the authentication flow of cookie request, cookie response, time synchronization request and time synchronization response; and adding a man-in-the-middle node to the CPN model of the normal authentication process to construct the CPN model of the authentication process with an added man-in-the-middle intrusion, wherein the man-in-the-middle node simulates attacks on the protocol authentication process by intercepting, tampering with and forwarding communication messages between the primary time node and the secondary time node.
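What "an unsafe termination state is reachable" means in practice, as an added example that is not part of the patent text. It replaces the CPN with a constructed, much simplified state graph of the four-message flow, and the `protected` parameter (which messages carry a verifiable authentication code) is a modelling assumption, not a statement about the protocol analysed in the patent.

```python
from collections import deque

# Constructed toy model of the four-message flow named in the text.
FLOW = ("cookie_request", "cookie_response", "sync_request", "sync_response")

def successors(state, protected, mitm):
    """Enabled transitions from state = (step, tainted, status)."""
    step, tainted, status = state
    if status != "running":
        return []                          # terminal state: nothing is enabled
    msg = FLOW[step]
    out = []
    for act in ["forward"] + (["tamper"] if mitm else []):
        altered = act == "tamper"
        if altered and msg in protected:
            # Receiver detects the change and stops: a safe termination.
            out.append((f"{act}:{msg}", (step, tainted, "rejected")))
            continue
        t = tainted or altered
        last = step == len(FLOW) - 1
        nxt = (step, t, "synced") if last else (step + 1, t, "running")
        out.append((f"{act}:{msg}", nxt))
    return out

def unsafe_trace(protected=frozenset(), mitm=True):
    """Breadth-first search of the state space. Returns the shortest trace to
    an unsafe terminal state (synchronised on tampered data), or None."""
    start = (0, False, "running")
    seen, queue = {start}, deque([(start, [])])
    while queue:
        state, trace = queue.popleft()
        if state[2] == "synced" and state[1]:
            return trace
        for label, nxt in successors(state, protected, mitm):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [label]))
    return None

if __name__ == "__main__":
    print("normal model:    ", unsafe_trace(mitm=False))
    print("MITM, no MACs:   ", unsafe_trace())
    print("MITM, all MAC'd: ", unsafe_trace(protected=frozenset(FLOW)))
```

A returned trace is the counterexample a reachability tool would report; `None` means no unsafe terminal state exists in the explored model.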
Further, if the current protocol has vulnerability, determining a first dynamic key and a second dynamic key according to key parameters of an authentication process of an NTP protocol, wherein the first dynamic key and the second dynamic key comprise obtaining network address identification information of a primary time node and network address identification information of a secondary time node, o