Abstract
As a communications technology dedicated to railways, GSM-R is increasingly widely used worldwide and contributes to the development of the railway industry in many countries. This paper analyzes the characteristics of the security and confidentiality architecture of the GSM-R mobile communication system, and introduces an anti-clone mechanism, a bi-directional authentication scheme and an authentication quintet. An authentication vector, the random-number field within it, and the MILENAGE encryption algorithm are designed on the HLR to improve protection against clone attacks by a malicious wireless network subscriber on a legitimate train subscriber. The authentication token AUTN and the challenge-response mechanism are used to perform bi-directional authentication between the train subscriber and the serving network. A periodically refreshed cipher key and integrity key, determined through key negotiation, provide stronger protection of data privacy. On this basis, a fast authentication scheme based on a subscriber credit system is proposed to reduce the effect on communication delay of train-ground authentication in the train control (ATC) system during handover, and the delay overhead of the fast authentication scheme and the value setting of parameters such as subscriber credit are analyzed in depth.
Source
《铁道通信信号》
2010, Issue 9, pp. 4-7 (4 pages in total)
Railway Signalling & Communication