面向列车通信网络的轻量化加密方案

唐军; 葛强华; 邹智荣; 陈勃; 唐品

doi:10.13890/j.issn.1000-128X.2024.01.100

您当前的位置：

首页 >

文章列表页 >

面向列车通信网络的轻量化加密方案

电力牵引与控制 | 更新时间：2024-08-02

- 面向列车通信网络的轻量化加密方案
- Lightweight encryption solution for train communication network
- 机车电传动 2024年第1期页码：122-128
- 作者机构：
  
  中车株洲电力机车研究所有限公司，湖南株洲 412001
- 作者简介：
  
  葛强华（1999—），男，主要从事列车网络安全加密技术方面的研究；E-mail: geqh@csrzic.com
- 基金信息：
- DOI：10.13890/j.issn.1000-128X.2024.01.100
  中图分类号： TP311.1;TP393
- 纸质出版日期：2024-01-10，
  
  收稿日期：2023-08-25，
- 稿件说明：
扫描看全文
唐军, 葛强华, 邹智荣, 等. 面向列车通信网络的轻量化加密方案[J]. 机车电传动, 2024(1): 122-128.

TANG Jun, GE Qianghua, ZOU Zhirong, et al. Lightweight encryption scheme for train communication network[J]. Electric drive for locomo tives, 2024(1): 122-128.
唐军, 葛强华, 邹智荣, 等. 面向列车通信网络的轻量化加密方案[J]. 机车电传动, 2024(1): 122-128. DOI：10.13890/j.issn.1000-128X.2024.01.100.

TANG Jun, GE Qianghua, ZOU Zhirong, et al. Lightweight encryption scheme for train communication network[J]. Electric drive for locomo tives, 2024(1): 122-128. DOI：10.13890/j.issn.1000-128X.2024.01.100.

摘要

随着无线通信技术的广泛应用，列车通信网络面临的网络安全风险随之增加。数据加密是应对网络安全风险的重要手段，但也需要额外消耗处理器的计算资源。列车通信网络主机都是由嵌入式设备组成，计算资源有限。文章提出了一种面向列车通信网络的轻量化加密方案，该加密方案在传统通信加密方案上提出了一种密钥协商流程，大幅降低密钥管理硬件要求和计算量，达到在列车通信网络轻量化加密，满足通信数据真实性、完整性、保密性要求。经过试验验证，该方案的密钥协商用时约为传统SM2+SM3+SM4通信加密方案的31.9%，设备CPU负荷约为其35.8%。

Abstract

The wide application of wireless communication technology has brought about an increase in network security risks for train communication networks. To mitigate these risks

data encryption has emerged as an important means

albeit with additional demand on CPU computing resources. However

train communication network hosts predominantly rely on embedded devices with limited computing resources. This paper proposes a lightweight encryption solution for train communication networks. This solution employs a key negotiation process based on traditional communication encryption scheme

aiming to achieve lightweight encryption in train communication networks and compliance with the authenticity

integrity

and confidentiality requirements of communication data

while greatly reducing hardware demands and computational burdens associated with key management. Experimental verification using the proposed solution yielded a key negotiation time consumption of about 31.9% and reduced the CPU load on devices to about 35.8% when compared to the traditional SM2+SM3+SM4 communication encryption method.

关键词

列车通信网络数据加密轻量化密钥协商

Keywords

train communication networkdata encryptionlightweightkey negotiation

references

刘晓溪. 信息安全助力深圳地铁数字化转型稳步推进[J]. 城市轨道交通, 2021(8): 34-36.

LIU Xiaoxi. Information security helps Shenzhen metro digital transformation advance steadily[J]. China metros, 2021(8): 34-36.

全国信息安全标准化技术委员会(SAC/TC 260). 信息安全技术公钥基础设施 PKI系统安全技术要求: GB/T 21053—2023[S]. 北京: 中国标准出版社, 2023.

National Information Security Standardization Technical Committee(SAC/TC 260). Information security techniques-public key infrastructure-security technology requirement for PKI system: GB/T 21053—2023[S]. Beijing: Standards Press of China, 2023.

Information Technology Laboratory, National Institute of Standards and Technology. Advanced encryption standard (AES): FIPS 197[S]. Gaithersburg: National Institute of Standards and Technology, 2023.

潘晓中, 张薇, 徐晓军, 等. 数据加密技术分析[J]. 系统工程与电子技术, 2003, 25(2): 236-238.

PAN Xiaozhong, ZHANG Wei, XU Xiaojun, et al. Analysis of data encryption techniques[J]. Systems engineering and electronics, 2003, 25(2): 236-238.

Information Technology Laboratory, National Institute of Standards and Technology. Secure Hash Standard (SHS): FIPS PUB 180-4[S]. Gaithersburg: National Institute of Standards and Technology, 2015.

全国信息安全标准化技术委员会(SAC/TC 260). 信息安全技术SM2椭圆曲线公钥密码算法第1部分: 总则: GB/T 32918.1—2016[S]. 北京: 中国标准出版社, 2017.

National Information Security Standardization Technical Committee(SAC/TC 260). Information security technology-public key cryptographic algorithm SM2 based on elliptic curves-part 1: general: GB/T 32918.1—2016[S]. Beijing: Standards Press of China, 2017.

全国信息安全标准化技术委员会(SAC/TC 260). 信息安全技术 SM3密码杂凑算法: GB/T 32905—2016[S]. 北京: 中国标准出版社, 2017.

National Information Security Standardization Technical Committee(SAC/TC 260). Information security techniques-SM3 cryptographic hash algorithm: GB/T 32905—2016[S]. Beijing: Standards Press of China, 2017.

全国信息安全标准化技术委员会(SAC/TC 260). 信息安全技术SM4分组密码算法: GB/T 32907—2016[S]. 北京: 中国标准出版社, 2017.

National Information Security Standardization Technical Committee(SAC/TC 260). Information security technology-SM4 block cipher algorithm: GB/T 32907—2016[S]. Beijing: Standards Press of China, 2017.

高枫, 余博, 李元轩. 城轨车辆列车网络控制系统技术方案及发展方向[J]. 铁路技术创新, 2015(4): 57-62.

GAO Feng, YU Bo, LI Yuanxuan. Technical scheme and development direction of train network control system for urban rail vechicles[J]. Railway technical innovation, 2015(4): 57-62.

张顺广, 王隆龙, 袁涛. 动车组统型PTU服务软件的设计与实现[J]. 铁道机车车辆, 2019, 39(4): 6-10.

ZHANG Shunguang, WANG Longlong, YUAN Tao. Design and implementation of EMU's integrated PTU service software[J]. Railway locomotive & car, 2019, 39(4): 6-10.

SCHNEIER B. 应用密码学: 协议、算法与C源程序[M]. 吴世忠, 祝世雄, 张文政, 等译.北京: 机械工业出版社, 2014: 20-23.

SCHNEIER B. Applied cryptography: protocols, algorithms, and source code in C[M]. Translated by WU Shizhong, ZHU Shixiong, ZHANG Wenzheng, et al. Beijing: China Machine Press, 2014: 20-23.

刘远航. PKI实现与应用中的一些问题[D]. 长春: 吉林大学, 2004.

LIU Yuanhang. Some issues in implementing and applying a PKI[D]. Changchun: Jilin University, 2004.

杨波. 现代密码学[M]. 5版. 北京: 清华大学出版社, 2022: 161-163.

YANG Bo. Modern cryptography[M]. 5th ed. Beijing: Tsinghua University Press, 2022: 161-163.

刘洪强. 基于SSL协议的VPN技术研究与实现[D]. 济南: 山东大学, 2008.

LIU Hongqiang. Research and implementation of SSL-based VPN[D]. Jinan: Shandong University, 2008.

SHANNON C E. Communication theory of secrecy systems[J]. The bell system technical journal, 1949, 28(4): 656-715.

浏览量

下载量

CSCD

CNKI被引量

文章被引用时，请邮件提醒。

提交

工具集

关联资源

列车通信网络安全现状分析及应对方案研究

160km/h动力集中动车组复合冷却塔研制

基于以太网的列车通信网络安全脆弱性定性分析

地铁列车车体技术研究

基于以太网列车通信网的交换机测试方法